Product:

Mod_ssl

(Mod_ssl)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 6
Date Id Summary Products Score Patch Annotated
2005-09-06 CVE-2005-2700 ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. Http_server, Mod_ssl, Enterprise_linux, Enterprise_linux_desktop N/A
2004-07-07 CVE-2004-0488 Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. Http_server, Linux, Mandrake_linux, Mandrake_linux_corporate_server, Mandrake_multi_network_firewall, Mod_ssl, Openbsd, Propack, Tinysofa_enterprise_server, Secure_linux N/A
2004-07-27 CVE-2004-0700 Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function. Linux, Mod_ssl N/A
2002-11-04 CVE-2002-1157 Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840. Mod_ssl N/A
2002-07-11 CVE-2002-0653 Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries. Mod_ssl N/A
2002-03-15 CVE-2002-0082 The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. Apache\-Ssl, Mod_ssl N/A