38 matches found
Apache mod_ssl 2.0.x - Remote Denial of Service
source: https://www.securityfocus.com/bid/11154/info Apache 2.x modssl is reported prone to a remote denial of service vulnerability. This issue likely exists because the application fails to handle exceptional conditions. The vulnerability originates in the 'charbufferread' function of the...
CVE-2002-1157
Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...
Apache mod_ssl < 2.8.10 Off-by-one Overflow
Binary data 1512.prm...
Apache mod_ssl Session Cache Code Overflow
Binary data 1513.prm...
CVE-2004-0700
Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssllog function...
Apache mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
The remote host is using a version vulnerable of modssl which is older than 2.8.19. There is a format string condition in the log functions of the remote module which may allow an attacker to execute arbitrary code on the remote host. Some vendors patched older versions of modssl, so this might b...
CVE-2004-0488
Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...
CVE-2004-0488
Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...
CVE-2004-0488
Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...
[OpenPKG-SA-2004.026] OpenPKG Security Advisory (apache)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [email protected] [email protected] OpenPKG-SA-2004.026 27-May-2004 Package: apache option "withmodssl" only Vulnerability: arbitrar...
CVE-2004-0488
Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...
CVE-2004-0488
Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...
Apache mod_ssl Host: Header XSS
According to the web server banner, the version of modssl running on the remote host has a cross-site scripting vulnerability. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL, resulting in stolen credentials. Note that several Linux distributions...
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1)
/ E-DB Note: Updated exploit https://www.exploit-db.com/exploits/47080 E-DB Note: Updating OpenFuck Exploit http://paulsec.github.io/blog/2014/04/14/updating-openfuck-exploit/ OF version r00t VERY PRIV8 spabam Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto objdump -R /usr/sbin/httpd|grep free ...
Apache mod_ssl 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow (1)
Apache modssl 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow 1 / E-DB Note: Updated exploit https://www.exploit-db.com/exploits/47080 E-DB Note: Updating OpenFuck Exploit http://paulsec.github.io/blog/2014/04/14/updating-openfuck-exploit/ OF version r00t VERY PRIV8 spabam Compile with: gcc -...
Apache mod_ssl ssl_compat_directive Function Overflow
The remote host is using a version of modssl that is older than 2.8.10. This version is vulnerable to an off-by-one buffer overflow that could allow a user with write access to .htaccess files to execute arbitrary code on the system with permissions of the web server. Note that several Linux...
Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow
source: https://www.securityfocus.com/bid/5084/info An off-by-one issue exists in modssl that affects Apache when handling certain types of long entries in an .htaccess file. Though this capability within the web server is not enabled by default, it is popular as it allows non-privileged users to...
Apache mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
According to the web server banner, the remote host is using a vulnerable version of modssl. This version has a buffer overflow vulnerability. A remote attacker could exploit this issue to execute arbitrary code. Some vendors patched older versions of modssl, so this might be a false positive...