Lucene search
K

54 matches found

Tenable Nessus
Tenable Nessus
added 2004/02/06 12:0 a.m.21 views

Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery

The remote host is running a version of ApacheSSL that is older than 1.3.29/1.53. Such versions are reportedly vulnerable to a flaw that could allow an attacker to make the remote server forge a client certificate. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid12046;...

7.5CVSS5.6AI score0.01166EPSS
Exploits0References3
OSV
OSV
added 2002/11/05 12:0 a.m.29 views

DSA-188 apache-ssl - several vulnerabilities

Bulletin has no description...

7.5CVSS9.3AI score0.94006EPSS
Exploits0
CVE
CVE
added 2002/10/25 4:0 a.m.80 views

CVE-2002-1233

CVE-2002-1233 applies to Debian’s apache-ssl packages, where a regression in Apache 1.3.27 and earlier (Debian 2.2 before 1.3.9, Debian 3.0 before 1.3.26) allows local attackers to read or modify the Apache password file via a symlink attack when running htpasswd or htdigest. The issue reintroduc...

2.6CVSS5.9AI score0.00564EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2002/06/25 4:0 a.m.247 views

CVE-2002-0082

CVE-2002-0082 affects mod_ssl and Apache-SSL where memory is not properly initialized during SSL_SESSION serialization (i2d_SSL_SESSION), enabling a remote attacker to trigger a buffer overflow with a large client certificate signed by a trusted CA. This can lead to arbitrary code execution on vu...

7.5CVSS7.7AI score0.29878EPSS
Exploits1References18Affected Software2
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.40 views

CVE-2002-0082

The dbm and shm session cache code in modssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2dSSLSESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed...

7.7AI score0.29878EPSS
Exploits1References18
Debian
Debian
added 2002/06/19 1:9 p.m.23 views

[SECURITY] [DSA-132-1] apache-ssl chunk handling vulnerability

Package : apache-ssl Problem type : remote DoS / exploit Debian-specific: no CVE name : CAN-2002-0392 CERT advisory : VU944335 Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for...

7.5CVSS6.4AI score0.95027EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2002/03/19 12:0 a.m.63 views

Apache-SSL < 1.3.23+1.46 i2d_SSL_SESSION Function SSL Client Certificate Overflow

The remote host is using a version of Apache-SSL that is older than 1.3.22+1.46. Such versions are vulnerable to a buffer overflow that, albeit difficult to exploit, may allow an attacker to execute arbitrary commands on this host subject to the privileges under which the web server operates. C...

7.5CVSS5.9AI score0.29878EPSS
Exploits1References5
Debian
Debian
added 2002/03/10 10:44 p.m.11 views

[SECURITY] [DSA 120-1] New mod_ssl and Apache/SSL packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 120-1 [email protected] http://www.debian.org/security/ Martin Schulze March 10th, 2002 - -------------------------------------------------------------------------- Package :...

0.6AI score
Exploits0
Debian
Debian
added 2002/03/10 10:44 p.m.8 views

[SECURITY] [DSA 120-1] New mod_ssl and Apache/SSL packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 120-1 [email protected] http://www.debian.org/security/ Martin Schulze March 10th, 2002 - -------------------------------------------------------------------------- Package :...

8.3AI score
Exploits0
NVD
NVD
added 2000/10/20 4:0 a.m.16 views

CVE-2000-0791

Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse...

4.6CVSS6.3AI score0.00315EPSS
Exploits0References2
Cvelist
Cvelist
added 2000/09/21 4:0 a.m.26 views

CVE-2000-0791

Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse...

6.3AI score0.00315EPSS
Exploits0References2
CVE
CVE
added 2000/09/21 4:0 a.m.48 views

CVE-2000-0791

CVE-2000-0791 describes a Trustix vulnerability where the httpsd binary (Apache-SSL) is installed with world-writeable permissions, enabling local users to replace it with a Trojan horse. The root cause is improper permissions on the httpsd executable, allowing local write access and substitution...

4.6CVSS6.7AI score0.00315EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2000/08/17 12:0 a.m.30 views

Trustix security advisory - apache-ssl

Hi Due to a typo in the rpm spec file for apache-ssl, /usr/sbin/httpsd on a Trustix system will be installed with mode 756 instead of 755, making a binary file that will be run by root world writable. It should not be necessary to explain why this is an extremely bad thing. How this bug slipped...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2000/04/18 12:0 a.m.55 views

Linux news 18.04.00

Linux Kernel 2.2.15pre19 Вышел очередной, девятнадцатый по счету, пререлиз нового стабильного ядра Linux Kernel 2.2.15. Подробнее:http://kernelnotes.org/lnxlists/linux-kernel/lk000403/msg00193.html QPopper 3.0 Вышла новая версия POP3 сервера для Unix. В ней добавлена поддержка PAM, RFC 2449,...

Exploits0
Rows per page
Query Builder