Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-177-1
HistorySep 07, 2005 - 12:00 a.m.

Apache 2 vulnerabilities

2005-09-0700:00:00
ubuntu.com
39

6.2 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.94 High

EPSS

Percentile

99.1%

JSON

Releases

  • Ubuntu 5.04
  • Ubuntu 4.10

Details

Apache did not honour the “SSLVerifyClient require” directive within a

block if the surrounding block contained a
directive “SSLVerifyClient optional”. This allowed clients to bypass
client certificate validation on servers with the above configuration.
(CAN-2005-2700)

Filip Sneppe discovered a Denial of Service vulnerability in the byte
range filter handler. By requesting certain large byte ranges, a
remote attacker could cause memory exhaustion in the server.
(CAN-2005-2728)

The updated libapache-mod-ssl also fixes two older Denial of Service
vulnerabilities: A format string error in the ssl_log() function which
could be exploited to crash the server (CAN-2004-0700), and a flaw in
the SSL cipher negotiation which could be exploited to terminate a
session (CAN-2004-0885). Please note that Apache 1.3 and
libapache-mod-ssl are not officially supported (they are in the
“universe” component of the Ubuntu archive).

Related

nessus 39
centos 2
redhat 7
openvas 43
suse 5
osv 3
debian 6
ubuntucve 4
cve 4
f5 7
freebsd 2
httpd 3
debiancve 3
gentoo 3
checkpoint_advisories 1
cert 1
slackware 3
securityvulns 1
altlinux 3
nessus
nessus
Ubuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1)
2006-01-15 00:00:00
CentOS 3 / 4 : httpd (CESA-2005:608)
2006-07-03 00:00:00
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)
2005-10-05 00:00:00
centos
centos
httpd, mod_ssl security update
2005-09-06 15:58:02
mod_ssl security update
2005-09-16 00:34:35
redhat
redhat
(RHSA-2005:608) httpd security update
2005-09-06 00:00:00
(RHSA-2004:408) mod_ssl security update
2004-09-07 00:00:00
(RHSA-2005:773) mod_ssl security update
2005-09-15 00:00:00
openvas
openvas
SLES9: Security update for Apache2
2009-10-10 00:00:00
SLES9: Security update for Apache2
2009-10-10 00:00:00
Debian Security Advisory DSA 805-1 (apache2)
2008-01-17 00:00:00
suse
suse
local command execution, authentication bypass, in apache2
2005-09-16 12:34:21
local command execution, authentication bypass, in apache2
2005-09-12 13:00:50
cryptographic problems in apache2
2006-09-08 14:34:17
osv
osv
apache2 - several
2005-09-08 00:00:00
libapache-mod-ssl - acl restriction bypass
2005-09-12 00:00:00
libapache-mod-ssl - several vulnerabilities
2004-07-27 00:00:00
debian
debian
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 18:07:44
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 18:07:44
[SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass
2005-09-12 14:21:07
ubuntucve
ubuntucve
CVE-2004-0700
2004-07-27 00:00:00
CVE-2005-2700
2005-09-06 00:00:00
CVE-2004-0885
2004-11-03 00:00:00
cve
cve
CVE-2004-0700
2004-07-27 04:00:00
CVE-2005-2700
2005-09-06 23:03:00
CVE-2004-0885
2004-11-03 05:00:00
f5
f5
K5534 : Apache mod_proxy message format vulnerability CAN-2004-0700
2013-03-28 00:00:00
K000138508 : mod_ssl vulnerability CVE-2004-0700
2024-02-06 00:00:00
SOL5534 - Apache mod_proxy message format vulnerability - CAN-2004-0700
2007-05-16 00:00:00
freebsd
freebsd
apache13-modssl -- format string vulnerability in proxy support
2004-07-16 00:00:00
mod_ssl -- SSLCipherSuite bypass
2004-10-01 00:00:00
httpd
httpd
Apache Httpd < 2.0.53 : SSLCipherSuite bypass
2004-10-01 00:00:00
Apache Httpd < 2.0.55 : SSLVerifyClient bypass
2005-08-30 00:00:00
Apache Httpd < 2.0.55 : Byterange filter DoS
2005-07-07 00:00:00
debiancve
debiancve
CVE-2004-0885
2004-11-03 05:00:00
CVE-2005-2700
2005-09-06 23:03:00
CVE-2005-2728
2005-08-30 11:45:00
gentoo
gentoo
Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
2004-10-21 00:00:00
Apache 2.0: Denial of Service vulnerability
2005-08-25 00:00:00
Apache, mod_ssl: Multiple vulnerabilities
2005-09-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Byte-Range Filter Denial of Service (CVE-2005-2728)
2010-07-25 00:00:00
cert
cert
mod_ssl fails to properly enforce client certificates authentication
2005-09-09 00:00:00
slackware
slackware
mod_ssl
2005-09-08 15:54:45
[slackware-security] apache, mod_ssl, php
2004-10-26 00:40:01
slackware-current security updates
2005-09-08 15:55:02
securityvulns
securityvulns
mod_ssl &quot;SSLVerifyClient&quot; Security Bypass Security Issue
2005-09-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.0.52-alt3
2004-12-27 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.0.52-alt3
2004-12-27 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.0.52-alt3
2004-12-27 00:00:00

6.2 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.94 High

EPSS

Percentile

99.1%

JSON
Related for USN-177-1
nessus39centos2redhat7openvas43suse5osv3debian6ubuntucve4cve4f57freebsd2httpd3debiancve3gentoo3checkpoint_advisories1cert1slackware3securityvulns1altlinux3