633 matches found
CVE-2002-0082
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed...
CVE-2002-0082
CVE-2002-0082 affects mod_ssl and Apache-SSL where memory is not properly initialized during SSL_SESSION serialization (i2d_SSL_SESSION), enabling a remote attacker to trigger a buffer overflow with a large client certificate signed by a trusted CA. This can lead to arbitrary code execution on vu...
Re: Another flaw in Apache?
Further investigation shows that the flaw is not in Apache itself, but in mod_ssl, so it's probably not an OpenBSD-specific bug. It's just not triggered on systems where mod_ssl isn't compiled in. The overflow is the ssl_compat_directive function in src/modules/ssl/ssl_engine_compat.c. -- /- Frank DENI...
Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow
Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow source: https://www.securityfocus.com/bid/5084/info An off-by-one issue exists in mod_ssl that affects Apache when handling certain types of long entries in an .htaccess file. Though this capability within the web server is not enabled by...
Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow
source: https://www.securityfocus.com/bid/5084/info An off-by-one issue exists in mod_ssl that affects Apache when handling certain types of long entries in an .htaccess file. Though this capability within the web server is not enabled by default, it is popular as it allows non-privileged users to...
new apache/mod_ssl packages available
...
CVE-2002-0082
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed...
[SECURITY] [DSA 120-1] New mod_ssl and Apache/SSL packages fix buffer overflow
-------------------------------------------------------------------------- Debian Security Advisory DSA 120-1 [email protected] http://www.debian.org/security/ Martin Schulze March 10th, 2002 - -------------------------------------------------------------------------- Package :...
Important: Red Hat Security Advisory: : Updated mod_ssl packages available
Updated mod_ssl packages for Red Hat Linux 7, 7.1, and 7.2 are available which close a buffer overflow in mod_ssl. When session caching is enabled, mod_ssl will serialize SSL session variables to store them for later use. Unpatched versions of mod_ssl prior to version 2.8.7 which use the 'shm' or 'db...
Apache mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
According to the web server banner, the remote host is using a vulnerable version of mod_ssl. This version has a buffer overflow vulnerability. A remote attacker could exploit this issue to execute arbitrary code. Some vendors patched older versions of mod_ssl, so this might be a false positive...
mod_ssl and Apache_SSL modules contain a buffer overflow in the implementation of the OpenSSL "i2d_SSL_SESSION" routine
Overview: There is a remotely exploitable buffer overflow in two modules that implement the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol. This can be used to execute arbitrary code. Description: The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are used t...
mod_ssl Buffer Overflow Condition (Update Available)
mod_ssl Buffer Overflow Condition (Update Available) -------------------------------------------------------- SYNOPSIS mod_ssl (www.modssl.org) is a commonly used Apache module that provides strong cryptography for the Apache web server. The module utilizes OpenSSL (formerly SSLeay) for the SSL...
Buffer overflow in mod_ssl for Apache (buffer overflow)
Buffer overflow when handling the session identifier...