Vulnerabilites related to apache-ssl - apache-ssl
cve-2008-0555
Vulnerability from cvelistv5
Published
2008-04-04 00:00
Modified
2024-08-07 07:46
Severity ?
EPSS score ?
Summary
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/3797 | third-party-advisory, x_refsource_SREASON | |
| http://www.cynops.de/advisories/CVE-2008-0555.txt | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2008/1079/references | vdb-entry, x_refsource_VUPEN | |
| http://www.apache-ssl.org/advisory-cve-2008-0555.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41618 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/28576 | vdb-entry, x_refsource_BID | |
| http://www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt | x_refsource_MISC | |
| http://secunia.com/advisories/29644 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1019784 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/490386/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3797",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3797"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cynops.de/advisories/CVE-2008-0555.txt"
},
{
"name": "ADV-2008-1079",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1079/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.apache-ssl.org/advisory-cve-2008-0555.txt"
},
{
"name": "apachessl-expandcert-information-disclosure(41618)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41618"
},
{
"name": "28576",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28576"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt"
},
{
"name": "29644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29644"
},
{
"name": "1019784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019784"
},
{
"name": "20080402 ANNOUNCE: Apache-SSL security release - apache_1.3.41+ssl_1.59",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490386/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) \u0027/\u0027 and (2) \u0027=\u0027 characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3797",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3797"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cynops.de/advisories/CVE-2008-0555.txt"
},
{
"name": "ADV-2008-1079",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1079/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.apache-ssl.org/advisory-cve-2008-0555.txt"
},
{
"name": "apachessl-expandcert-information-disclosure(41618)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41618"
},
{
"name": "28576",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28576"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt"
},
{
"name": "29644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29644"
},
{
"name": "1019784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019784"
},
{
"name": "20080402 ANNOUNCE: Apache-SSL security release - apache_1.3.41+ssl_1.59",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490386/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) \u0027/\u0027 and (2) \u0027=\u0027 characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3797",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3797"
},
{
"name": "http://www.cynops.de/advisories/CVE-2008-0555.txt",
"refsource": "MISC",
"url": "http://www.cynops.de/advisories/CVE-2008-0555.txt"
},
{
"name": "ADV-2008-1079",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1079/references"
},
{
"name": "http://www.apache-ssl.org/advisory-cve-2008-0555.txt",
"refsource": "MISC",
"url": "http://www.apache-ssl.org/advisory-cve-2008-0555.txt"
},
{
"name": "apachessl-expandcert-information-disclosure(41618)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41618"
},
{
"name": "28576",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28576"
},
{
"name": "http://www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt",
"refsource": "MISC",
"url": "http://www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt"
},
{
"name": "29644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29644"
},
{
"name": "1019784",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019784"
},
{
"name": "20080402 ANNOUNCE: Apache-SSL security release - apache_1.3.41+ssl_1.59",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490386/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0555",
"datePublished": "2008-04-04T00:00:00",
"dateReserved": "2008-02-01T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0009
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15065 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/3877 | vdb-entry, x_refsource_OSVDB | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016870.html | mailing-list, x_refsource_FULLDISC | |
| http://www.apache-ssl.org/advisory-20040206.txt | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=107619127531765&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/9590 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "apachessl-default-password(15065)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15065"
},
{
"name": "3877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3877"
},
{
"name": "20040206 [apache-ssl] Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016870.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apache-ssl.org/advisory-20040206.txt"
},
{
"name": "20040206 Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107619127531765\u0026w=2"
},
{
"name": "9590",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9590"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the \"one-line DN\" of the target user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "apachessl-default-password(15065)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15065"
},
{
"name": "3877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3877"
},
{
"name": "20040206 [apache-ssl] Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016870.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apache-ssl.org/advisory-20040206.txt"
},
{
"name": "20040206 Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107619127531765\u0026w=2"
},
{
"name": "9590",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9590"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the \"one-line DN\" of the target user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apachessl-default-password(15065)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15065"
},
{
"name": "3877",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3877"
},
{
"name": "20040206 [apache-ssl] Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016870.html"
},
{
"name": "http://www.apache-ssl.org/advisory-20040206.txt",
"refsource": "CONFIRM",
"url": "http://www.apache-ssl.org/advisory-20040206.txt"
},
{
"name": "20040206 Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107619127531765\u0026w=2"
},
{
"name": "9590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9590"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0009",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-01-05T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0082
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CSSA-2002-011.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt"
},
{
"name": "4189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4189"
},
{
"name": "RHSA-2002:045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-045.html"
},
{
"name": "HPSBUX0204-190",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/4008"
},
{
"name": "20020301 Apache-SSL buffer overflow (fix available)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101518491916936\u0026w=2"
},
{
"name": "20020227 mod_ssl Buffer Overflow Condition (Update Available)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/258646"
},
{
"name": "MDKSA-2002:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php"
},
{
"name": "ESA-20020301-005",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-1923.html"
},
{
"name": "20020304 Apache-SSL 1.3.22+1.47 - update to security fix",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101528358424306\u0026w=2"
},
{
"name": "RHSA-2002:042",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-042.html"
},
{
"name": "apache-modssl-bo(8308)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8308.php"
},
{
"name": "RHSA-2002:041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-041.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apacheweek.com/issues/02-03-01#security"
},
{
"name": "SSRT0817",
"tags": [
"vendor-advisory",
"x_refsource_COMPAQ",
"x_transferred"
],
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml"
},
{
"name": "CLA-2002:465",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000465"
},
{
"name": "HPSBTL0203-031",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/3965"
},
{
"name": "DSA-120",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-120"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-09T16:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CSSA-2002-011.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt"
},
{
"name": "4189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4189"
},
{
"name": "RHSA-2002:045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-045.html"
},
{
"name": "HPSBUX0204-190",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/advisories/4008"
},
{
"name": "20020301 Apache-SSL buffer overflow (fix available)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101518491916936\u0026w=2"
},
{
"name": "20020227 mod_ssl Buffer Overflow Condition (Update Available)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/258646"
},
{
"name": "MDKSA-2002:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php"
},
{
"name": "ESA-20020301-005",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-1923.html"
},
{
"name": "20020304 Apache-SSL 1.3.22+1.47 - update to security fix",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101528358424306\u0026w=2"
},
{
"name": "RHSA-2002:042",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-042.html"
},
{
"name": "apache-modssl-bo(8308)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8308.php"
},
{
"name": "RHSA-2002:041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-041.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apacheweek.com/issues/02-03-01#security"
},
{
"name": "SSRT0817",
"tags": [
"vendor-advisory",
"x_refsource_COMPAQ"
],
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml"
},
{
"name": "CLA-2002:465",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000465"
},
{
"name": "HPSBTL0203-031",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/advisories/3965"
},
{
"name": "DSA-120",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-120"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CSSA-2002-011.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt"
},
{
"name": "4189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4189"
},
{
"name": "RHSA-2002:045",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-045.html"
},
{
"name": "HPSBUX0204-190",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/4008"
},
{
"name": "20020301 Apache-SSL buffer overflow (fix available)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101518491916936\u0026w=2"
},
{
"name": "20020227 mod_ssl Buffer Overflow Condition (Update Available)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/258646"
},
{
"name": "MDKSA-2002:020",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php"
},
{
"name": "ESA-20020301-005",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-1923.html"
},
{
"name": "20020304 Apache-SSL 1.3.22+1.47 - update to security fix",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101528358424306\u0026w=2"
},
{
"name": "RHSA-2002:042",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-042.html"
},
{
"name": "apache-modssl-bo(8308)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8308.php"
},
{
"name": "RHSA-2002:041",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-041.html"
},
{
"name": "http://www.apacheweek.com/issues/02-03-01#security",
"refsource": "CONFIRM",
"url": "http://www.apacheweek.com/issues/02-03-01#security"
},
{
"name": "SSRT0817",
"refsource": "COMPAQ",
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml"
},
{
"name": "CLA-2002:465",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000465"
},
{
"name": "HPSBTL0203-031",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/3965"
},
{
"name": "DSA-120",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-120"
},
{
"name": "http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0082",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-03-01T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2008-04-04 00:44
Modified
2024-11-21 00:42
Severity ?
Summary
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache-ssl | apache-ssl | 1.3.34_1.57 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.3.34_1.57:*:*:*:*:*:*:*",
"matchCriteriaId": "F97198C6-EE6A-43C2-B69B-7026505F7DC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) \u0027/\u0027 and (2) \u0027=\u0027 characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables."
},
{
"lang": "es",
"value": "La funci\u00f3n ExpandCert en Apache-SSL versiones anteriores apache_1.3.41+ssl_1.59 no gestiona correctamente los caracteres (1) \u0027/\u0027 y (2) \u0027=\u0027 en un Distinguished Name (DN) de un certificado de cliente, lo cual puede permitir a atacantes remotos evitar autenticarse a trav\u00e9s de un DN manipulado que dispara la sobreescritura de variables de entorno."
}
],
"id": "CVE-2008-0555",
"lastModified": "2024-11-21T00:42:22.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-04T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29644"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3797"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.apache-ssl.org/advisory-cve-2008-0555.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.cynops.de/advisories/CVE-2008-0555.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/490386/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28576"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019784"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1079/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.apache-ssl.org/advisory-cve-2008-0555.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cynops.de/advisories/CVE-2008-0555.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/490386/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1079/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41618"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache-ssl | apache-ssl | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4640173C-EA49-4FF8-95C6-6B771542626C",
"versionEndIncluding": "1.3.28_1.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the \"one-line DN\" of the target user."
},
{
"lang": "es",
"value": "Apache-SSL 1.3.28+1.52 y anteriores, con SSLVerifyClient establecido a 1 \u00f3 3 y SSLFakeBasicAuth activado, pemite a atantes remotos falsificar un certificado de cliente usando autenticaci\u00f3n b\u00e1sica con el \"DN de una l\u00ednea\" del usuario objetivo."
}
],
"id": "CVE-2004-0009",
"lastModified": "2024-11-20T23:47:34.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-03-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016870.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107619127531765\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.apache-ssl.org/advisory-20040206.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3877"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9590"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016870.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107619127531765\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.apache-ssl.org/advisory-20040206.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15065"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-15 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache-ssl | apache-ssl | 1.40 | |
| apache-ssl | apache-ssl | 1.41 | |
| apache-ssl | apache-ssl | 1.42 | |
| apache-ssl | apache-ssl | 1.44 | |
| apache-ssl | apache-ssl | 1.45 | |
| apache-ssl | apache-ssl | 1.46 | |
| mod_ssl | mod_ssl | 2.7.1 | |
| mod_ssl | mod_ssl | 2.8 | |
| mod_ssl | mod_ssl | 2.8.1 | |
| mod_ssl | mod_ssl | 2.8.2 | |
| mod_ssl | mod_ssl | 2.8.3 | |
| mod_ssl | mod_ssl | 2.8.4 | |
| mod_ssl | mod_ssl | 2.8.5 | |
| mod_ssl | mod_ssl | 2.8.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF77CC7-14EE-44E6-ADD8-17DEFD336BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.41:*:*:*:*:*:*:*",
"matchCriteriaId": "075C7AD9-B254-4CAD-8E71-D0DB542D90E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.42:*:*:*:*:*:*:*",
"matchCriteriaId": "FD50710F-6471-4CB7-9047-BC0285F92A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.44:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF68B78-F29E-4A4F-9F7B-E408F606C14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.45:*:*:*:*:*:*:*",
"matchCriteriaId": "A3154AB7-23F9-4D0D-935A-D530DC1F110C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.46:*:*:*:*:*:*:*",
"matchCriteriaId": "2716A670-2751-4348-8F56-0F2427D660CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB888875-1AFC-4569-B783-CDE92B717882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1E3411-A16E-4B11-983D-C83644B471CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C39E94EF-FEF4-41CA-BCD5-F3273D40D0F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08A7DE9F-3088-445E-A09A-FC8E155C4E95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3906A1FB-3105-4248-B9D2-B915AEF90E9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F1DB98C0-A15B-4186-8DAC-D906ABBEC2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "15B615EC-D5AF-4C62-AF0A-453F7FD11DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "50211658-1959-4E97-9FF5-6ABAF3B98C36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session."
},
{
"lang": "es",
"value": "El c\u00f3digo de mod_ssl dbm y shm cache anteriores a 2.8.7-1.3.23 y Apache-SSL anteriores a 1.3.22 1.46 no inicializa adecuadamente la memoria usando la funci\u00f3n i2d_SSL_SESSION, lo que permite a atacantes remotos usar un desbordamiento de buffer para ejecutar c\u00f3digo arbitrario mediante un certificado de cliente largo firmado por una Autoricad Certificadora (CA) larga, lo que produce una sesi\u00f3n serializada larga."
}
],
"id": "CVE-2002-0082",
"lastModified": "2024-11-20T23:38:15.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000465"
},
{
"source": "cve@mitre.org",
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101518491916936\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101528358424306\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/258646"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.apacheweek.com/issues/02-03-01#security"
},
{
"source": "cve@mitre.org",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2002/dsa-120"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8308.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-1923.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-041.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-042.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-045.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/advisories/3965"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/advisories/4008"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101518491916936\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101528358424306\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/258646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.apacheweek.com/issues/02-03-01#security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2002/dsa-120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8308.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-1923.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/advisories/3965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/advisories/4008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4189"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}