Lucene search
K

633 matches found

Cvelist
Cvelist
added 2002/06/25 4:0 a.m.39 views

CVE-2002-0082

The dbm and shm session cache code in modssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2dSSLSESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed...

7.7AI score0.29878EPSS
Exploits1References18
CVE
CVE
added 2002/06/25 4:0 a.m.243 views

CVE-2002-0082

CVE-2002-0082 affects mod_ssl and Apache-SSL where memory is not properly initialized during SSL_SESSION serialization (i2d_SSL_SESSION), enabling a remote attacker to trigger a buffer overflow with a large client certificate signed by a trusted CA. This can lead to arbitrary code execution on vu...

7.5CVSS7.7AI score0.29878EPSS
Exploits1References18Affected Software2
securityvulns
securityvulns
added 2002/06/24 12:0 a.m.33 views

Re: Another flaw in Apache?

Further investigation show that the flaw is not in Apache itself, but in modssl, so it's probably not an OpenBSD-specific bug. It's just not triggered on systems where modssl isn't compiled in. The overflow is the sslcompatdirective function in src/modules/ssl/sslenginecompat.c . -- /- Frank DENI...

0.7AI score
Exploits0
exploitpack
exploitpack
added 2002/06/22 12:0 a.m.76 views

Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow

Apache modssl 2.8.x - Off-by-One HTAccess Buffer Overflow source: https://www.securityfocus.com/bid/5084/info An off-by-one issue exists in modssl that affects Apache when handling certain types of long entries in an .htaccess file. Though this capability within the web server is not enabled by...

1.5AI score
Exploits0
Exploit DB
Exploit DB
added 2002/06/22 12:0 a.m.53 views

Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow

source: https://www.securityfocus.com/bid/5084/info An off-by-one issue exists in modssl that affects Apache when handling certain types of long entries in an .htaccess file. Though this capability within the web server is not enabled by default, it is popular as it allows non-privileged users to...

7.4AI score
Exploits0
Slackware Linux
Slackware Linux
added 2002/06/19 9:18 p.m.10 views

new apache/mod_ssl packages available

...

7.1AI score
Exploits0
NVD
NVD
added 2002/03/15 5:0 a.m.20 views

CVE-2002-0082

The dbm and shm session cache code in modssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2dSSLSESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed...

7.5CVSS7.8AI score0.29878EPSS
Exploits1References18
Debian
Debian
added 2002/03/10 10:44 p.m.11 views

[SECURITY] [DSA 120-1] New mod_ssl and Apache/SSL packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 120-1 [email protected] http://www.debian.org/security/ Martin Schulze March 10th, 2002 - -------------------------------------------------------------------------- Package :...

0.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2002/03/08 12:36 a.m.7 views

Important: Red Hat Security Advisory: : Updated mod_ssl packages available

Updated modssl packages for Red Hat Linux 7, 7.1, and 7.2 are available which close a buffer overflow in modssl. When session caching is enabled, modssl will serialize SSL session variables to store them for later use. Unpatched versions of modssl prior to version 2.8.7 which use the 'shm' or 'db...

7.5CVSS6.3AI score0.29878EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2002/03/08 12:0 a.m.68 views

Apache mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow

According to the web server banner, the remote host is using a vulnerable version of modssl. This version has a buffer overflow vulnerability. A remote attacker could exploit this issue to execute arbitrary code. Some vendors patched older versions of modssl, so this might be a false positive...

7.5CVSS5.8AI score0.29878EPSS
Exploits1References2
CERT
CERT
added 2002/03/01 12:0 a.m.55 views

mod_ssl and Apache_SSL modules contain a buffer overflow in the implementation of the OpenSSL "i2d_SSL_SESSION" routine

Overview There is a remotely exploitable buffer overflow in two modules that implement the Secure Sockets Layer SSL and Transport Layer Security TLS protocol. This can be used to execute arbitrary code. Description The Secure Sockets Layer SSL and Transport Layer Security TLS protocols are used t...

7AI score
Exploits0References5
securityvulns
securityvulns
added 2002/02/28 12:0 a.m.28 views

mod_ssl Buffer Overflow Condition (Update Available)

modssl Buffer Overflow Condition Update Available -------------------------------------------------------- SYNOPSIS modssl www.modssl.org is a commonly used Apache module that provides strong cryptography for the Apache web server. The module utilizes OpenSSL formerly SSLeay for the SSL...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2002/02/28 12:0 a.m.33 views

Переполнение буфера в mod_ssl под Apache (buffer overflow)

Переполнение буфера при работе с идентификатором сеанса...

2.6AI score
Exploits0References1Affected Software1
Rows per page
Query Builder