EUVD-2008-0565

Malware in sbrugna...

EUVD-2002-1217

Malware in sbrugna...

EUVD-2004-0009

Malware in sbrugna...

Apache-SSL < 1.3.29 / 1.53 SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery

Binary data 1167.prm...

CVE-2004-0009

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user...

Apache-SSL optional client certificate vulnerability

From the Apache-SSL security advisory: If configured with SSLVerifyClient set to 1 or 3 client certificates optional and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to use real basic authentication to forge a client certificate. All the attacker needed ...

Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery

The remote host is running a version of ApacheSSL that is older than 1.3.29/1.53. Such versions are reportedly vulnerable to a flaw that could allow an attacker to make the remote server forge a client certificate. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid12046;...

[SECURITY] [DSA-132-1] apache-ssl chunk handling vulnerability

Package : apache-ssl Problem type : remote DoS / exploit Debian-specific: no CVE name : CAN-2002-0392 CERT advisory : VU944335 Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for...

Apache-SSL < 1.3.23+1.46 i2d_SSL_SESSION Function SSL Client Certificate Overflow

The remote host is using a version of Apache-SSL that is older than 1.3.22+1.46. Such versions are vulnerable to a buffer overflow that, albeit difficult to exploit, may allow an attacker to execute arbitrary commands on this host subject to the privileges under which the web server operates. C...