Lucene search
K

139 matches found

Positive Technologies
Positive Technologies
added 2005/06/08 12:0 a.m.6 views

PT-2005-2275 · Apache +1 · Apache Mod Ssl +2

Name of the Vulnerable Software and Affected Versions: Apache mod ssl affected versions not specified Description: The issue is related to an off-by-one error in the mod ssl Certificate Revocation List CRL verification callback, which can cause a denial of service child process crash via a CRL th...

5CVSS9.2AI score0.20461EPSS
Exploits1References40
OSV
OSV
added 2004/10/20 4:0 a.m.3 views

DEBIAN-CVE-2004-0748

modssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service CPU consumption by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop...

5CVSS6.3AI score0.22307EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.38 views

Debian DSA-532-2 : libapache-mod-ssl - several vulnerabilities

Two vulnerabilities were discovered in libapache-mod-ssl : - CAN-2004-0488 Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client...

7.5CVSS6.4AI score0.37681EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.36 views

Debian DSA-135-1 : libapache-mod-ssl - buffer overflow / DoS

The libapache-mod-ssl package provides SSL capability to the apache webserver. Recently, a problem has been found in the handling of .htaccess files, allowing arbitrary code execution as the web server user regardless of ExecCGI / suexec settings, DoS attacks killing off apache children, and...

7.8CVSS6AI score0.011EPSS
Exploits0References2
Debian
Debian
added 2004/07/27 4:41 p.m.46 views

[SECURITY] [DSA 532-2] New libapache-mod-ssl packages fix multiple vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 532-2 [email protected] http://www.debian.org/security/ Matt Zimmerman July 27th, 2004 http://www.debian.org/security/faq -...

10AI score
Exploits0
RedHat Linux
RedHat Linux
added 2004/07/23 9:26 a.m.6 views

mod_ssl ssl_util_uuencode_binary CA issue

Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...

7.5CVSS6.4AI score0.37681EPSS
Exploits0References4
Debian
Debian
added 2004/07/23 3:29 a.m.65 views

[SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 532-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 22nd, 2004 http://www.debian.org/security/faq -...

10AI score
Exploits0
OSV
OSV
added 2004/07/22 12:0 a.m.72 views

DSA-532 libapache-mod-ssl - several vulnerabilities

Bulletin has no description...

7.5CVSS6.3AI score0.37681EPSS
Exploits0
OSV
OSV
added 2004/07/07 4:0 a.m.1 views

DEBIAN-CVE-2004-0488

Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...

7.5CVSS8.4AI score0.37681EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2004/05/17 12:0 a.m.3 views

PT-2004-1606 · Apache · Apache Mod Ssl +1

Name of the Vulnerable Software and Affected Versions: Apache mod ssl affected versions not specified Description: The issue is related to a stack-based buffer overflow in the ssl util uuencode binary function. This occurs when mod ssl is configured to trust the issuing CA and a client certificat...

7.5CVSS7.1AI score0.37681EPSS
Exploits0References36
OSV
OSV
added 2004/03/29 5:0 a.m.1 views

DEBIAN-CVE-2004-0113

Memory leak in sslengineio.c for modssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service memory consumption via plain HTTP requests to the SSL port of an SSL-enabled server...

5CVSS6.8AI score0.09898EPSS
Exploits0References1
OSV
OSV
added 2003/08/18 4:0 a.m.2 views

DEBIAN-CVE-2003-0192

Apache 2 before 2.0.47, and certain versions of modssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite...

6.4CVSS6.8AI score0.05993EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2002/11/07 5:42 p.m.4 views

security flaw

Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...

7.5CVSS5.8AI score0.94006EPSS
Exploits0References4
NVD
NVD
added 2002/11/04 5:0 a.m.21 views

CVE-2002-1157

Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...

7.5CVSS6.1AI score0.09701EPSS
Exploits0References15
RedHat Linux
RedHat Linux
added 2002/07/31 3:58 p.m.6 views

security flaw

Off-by-one buffer overflow in the sslcompatdirective function, as called by the rewritecommand hook for modssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries...

7.8CVSS6.4AI score0.011EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2002/07/11 12:0 a.m.4 views

PT-2002-1687 · Apache · Mod Ssl

Name of the Vulnerable Software and Affected Versions: mod ssl Apache module versions 2.8.9 and earlier Description: The issue is related to an off-by-one buffer overflow in the ssl compat directive function, which is called by the rewrite command hook. This allows local users to execute arbitrar...

7.8CVSS7.7AI score0.011EPSS
Exploits0References22
Debian
Debian
added 2002/07/02 12:12 p.m.14 views

[SECURITY] [DSA-135-1] buffer overflow / DoS in libapache-mod-ssl

------------------------------------------------------------------------ Debian Security Advisory DSA-135-1 [email protected] http://www.debian.org/security/ Robert van der Meulen July 2, 2002 - ------------------------------------------------------------------------ Package : libapache-mod-ssl...

8.2AI score
Exploits0
OSV
OSV
added 2002/07/02 12:0 a.m.34 views

DSA-135 libapache-mod-ssl -- buffer overflow / DoS

Bulletin has no description...

7.8CVSS7.6AI score0.011EPSS
Exploits0
Debian
Debian
added 2002/03/10 10:44 p.m.10 views

[SECURITY] [DSA 120-1] New mod_ssl and Apache/SSL packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 120-1 [email protected] http://www.debian.org/security/ Martin Schulze March 10th, 2002 - -------------------------------------------------------------------------- Package :...

8.3AI score
Exploits0
Rows per page
Query Builder