139 matches found
PT-2005-2275 · Apache +1 · Apache Mod Ssl +2
Name of the Vulnerable Software and Affected Versions: Apache mod ssl affected versions not specified Description: The issue is related to an off-by-one error in the mod ssl Certificate Revocation List CRL verification callback, which can cause a denial of service child process crash via a CRL th...
DEBIAN-CVE-2004-0748
modssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service CPU consumption by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop...
Debian DSA-532-2 : libapache-mod-ssl - several vulnerabilities
Two vulnerabilities were discovered in libapache-mod-ssl : - CAN-2004-0488 Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client...
Debian DSA-135-1 : libapache-mod-ssl - buffer overflow / DoS
The libapache-mod-ssl package provides SSL capability to the apache webserver. Recently, a problem has been found in the handling of .htaccess files, allowing arbitrary code execution as the web server user regardless of ExecCGI / suexec settings, DoS attacks killing off apache children, and...
[SECURITY] [DSA 532-2] New libapache-mod-ssl packages fix multiple vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 532-2 [email protected] http://www.debian.org/security/ Matt Zimmerman July 27th, 2004 http://www.debian.org/security/faq -...
mod_ssl ssl_util_uuencode_binary CA issue
Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...
[SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 532-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 22nd, 2004 http://www.debian.org/security/faq -...
DSA-532 libapache-mod-ssl - several vulnerabilities
Bulletin has no description...
DEBIAN-CVE-2004-0488
Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...
PT-2004-1606 · Apache · Apache Mod Ssl +1
Name of the Vulnerable Software and Affected Versions: Apache mod ssl affected versions not specified Description: The issue is related to a stack-based buffer overflow in the ssl util uuencode binary function. This occurs when mod ssl is configured to trust the issuing CA and a client certificat...
DEBIAN-CVE-2004-0113
Memory leak in sslengineio.c for modssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service memory consumption via plain HTTP requests to the SSL port of an SSL-enabled server...
DEBIAN-CVE-2003-0192
Apache 2 before 2.0.47, and certain versions of modssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite...
security flaw
Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...
CVE-2002-1157
Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...
security flaw
Off-by-one buffer overflow in the sslcompatdirective function, as called by the rewritecommand hook for modssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries...
PT-2002-1687 · Apache · Mod Ssl
Name of the Vulnerable Software and Affected Versions: mod ssl Apache module versions 2.8.9 and earlier Description: The issue is related to an off-by-one buffer overflow in the ssl compat directive function, which is called by the rewrite command hook. This allows local users to execute arbitrar...
[SECURITY] [DSA-135-1] buffer overflow / DoS in libapache-mod-ssl
------------------------------------------------------------------------ Debian Security Advisory DSA-135-1 [email protected] http://www.debian.org/security/ Robert van der Meulen July 2, 2002 - ------------------------------------------------------------------------ Package : libapache-mod-ssl...
DSA-135 libapache-mod-ssl -- buffer overflow / DoS
Bulletin has no description...
[SECURITY] [DSA 120-1] New mod_ssl and Apache/SSL packages fix buffer overflow
-------------------------------------------------------------------------- Debian Security Advisory DSA 120-1 [email protected] http://www.debian.org/security/ Martin Schulze March 10th, 2002 - -------------------------------------------------------------------------- Package :...