2 matches found
CVE-2008-0555
CVE-2008-0555 affects Apache-SSL: ExpandCert() mishandles '/' and '=' in a client certificate DN, enabling a crafted DN to overwrite environment variables and potentially bypass authentication. Affected: Apache-SSL before apache_1.3.41+ssl_1.59. Mitigation: upgrade to apache_1.3.41+ssl_1.59.
Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
According to its banner, the version of Apache-SSL running on the remote host is older than apache1.3.41+ssl1.59. Such versions fail to properly sanitize certificate data before using it to populate environment variables. By sending a client certificate with special characters for the subject, a...