Debian Security Advisory DSA 132-1 (apache-ssl)

The remote host is missing an update to apache-ssl announced via advisory DSA 132-1. OpenVAS Vulnerability Test $Id: deb1321.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 132-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 188-1 (apache-ssl)

The remote host is missing an update to apache-ssl announced via advisory DSA 188-1. OpenVAS Vulnerability Test $Id: deb1881.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 188-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 067-1 (apache,apache-ssl)

The remote host is missing an update to apache,apache-ssl announced via advisory DSA 067-1. OpenVAS Vulnerability Test $Id: deb0671.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 067-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian: Security Advisory (DSA-188)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 132-1 (apache-ssl)

The remote host is missing an update to apache-ssl announced via advisory DSA 132-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)

The remote host is missing an update to libapache-mod-ssl, apache-ssl announced via advisory DSA 120-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Solaris 9 (sparc) : 113508-02

Sun Cluster 3.0: Apache SSL Components patch for Solaris 9. Date this patch was last updated by Sun : Feb/19/04 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

Solaris 8 (sparc) : 113505-02

Sun Cluster 3.0: Apache SSL Components patch for Solaris 8. Date this patch was last updated by Sun : Feb/19/04 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

HP-UX PHSS_27627 : s700_800 11.04 Virtualvault 4.5 inside server support

s700800 11.04 Virtualvault 4.5 inside server support : The remote HP-UX host is affected by multiple vulnerabilities : - Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. - Potential vulnerability in Apache web servers while handling SSL requests...

Debian DSA-120-1 : mod_ssl - buffer overflow

Ed Moyle recently found a buffer overflow in Apache-SSL and modssl. With session caching enabled, modssl will serialize SSL session variables to store them for later use. These variables were stored in a buffer of a fixed size without proper boundary checks. To exploit the overflow, the server mu...

Debian DSA-132-1 : apache-ssl - remote DoS / exploit

Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution on 64 bit architectures...

CVE-2004-0009

CVE-2004-0009 affects Apache-SSL: versions 1.3.28+1.52 and earlier are vulnerable when SSLVerifyClient is set to 1 or 3 and SSLFakeBasicAuth is enabled, allowing remote attackers to forge a client certificate using the target user’s one-line DN. Root cause involves SSLVerifyClient/SSLFakeBasicAut...

CVE-2004-0009

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user...

Apache-SSL < 1.3.29 / 1.53 SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery

Binary data 1167.prm...

Apache-SSL < 1.47 mod_ssl i2d_SSL_SESSION Function Overflow

Binary data 1496.prm...

FreeBSD : Apache-SSL optional client certificate vulnerability (7)

The following package needs to be updated: apache+ssl %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg7557a2b15d6311d880e30020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

CVE-2004-0009

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user...

CVE-2004-0009

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user...

Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior

Apache-SSL optional client certificate vulnerability ---------------------------------------------------- Synopsis -------- If configured with SSLVerifyClient set to 1 or 3 client certificates optional and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to...

Apache-SSL optional client certificate vulnerability

From the Apache-SSL security advisory: If configured with SSLVerifyClient set to 1 or 3 client certificates optional and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to use real basic authentication to forge a client certificate. All the attacker needed ...