Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-532
HistoryJul 27, 2004 - 12:00 a.m.

libapache-mod-ssl - several vulnerabilities

2004-07-2700:00:00
Google
osv.dev
43

0.901 High

EPSS

Percentile

98.8%

JSON

Two vulnerabilities were discovered in libapache-mod-ssl:

  • CAN-2004-0488
    Stack-based buffer overflow in the
    ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl,
    when mod_ssl is configured to trust the issuing CA, may allow remote
    attackers to execute arbitrary code via a client certificate with a
    long subject DN.

  • CAN-2004-0700
    Format string vulnerability in the ssl_log function
    in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31 may allow
    remote attackers to execute arbitrary messages via format string
    specifiers in certain log messages for HTTPS.

For the current stable distribution (woody), these problems have been
fixed in version 2.8.9-2.4.

For the unstable distribution (sid), CAN-2004-0488 was fixed in
version 2.8.18, and CAN-2004-0700 will be fixed soon.

We recommend that you update your libapache-mod-ssl package.

Related

openvas 15
debian 2
nessus 20
cve 2
ubuntucve 2
f5 5
redhat 3
cvelist 2
nvd 2
freebsd 1
securityvulns 1
gentoo 1
debiancve 1
slackware 1
httpd 1
ubuntu 1
openvas
openvas
Debian: Security Advisory (DSA-532-1)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-532)
2008-01-17 00:00:00
Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
2004-07-23 03:29:33
[SECURITY] [DSA 532-2] New libapache-mod-ssl packages fix multiple vulnerabilities
2004-07-27 16:41:32
nessus
nessus
Debian DSA-532-2 : libapache-mod-ssl - several vulnerabilities
2004-09-29 00:00:00
Mandrake Linux Security Advisory : mod_ssl (MDKSA-2004:075)
2004-07-31 00:00:00
Apache mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
2004-07-16 00:00:00
cve
cve
CVE-2004-0700
2004-07-27 04:00:00
CVE-2004-0488
2004-07-07 04:00:00
ubuntucve
ubuntucve
CVE-2004-0700
2004-07-27 00:00:00
CVE-2004-0488
2004-07-07 00:00:00
f5
f5
K000138508 : mod_ssl vulnerability CVE-2004-0700
2024-02-06 00:00:00
K5534 : Apache mod_proxy message format vulnerability CAN-2004-0700
2013-03-28 00:00:00
SOL5534 - Apache mod_proxy message format vulnerability - CAN-2004-0700
2007-05-16 00:00:00
redhat
redhat
(RHSA-2004:408) mod_ssl security update
2004-09-07 00:00:00
(RHSA-2004:342) httpd security update
2004-07-06 00:00:00
(RHSA-2004:245) apache, mod_ssl security update
2004-06-14 00:00:00
cvelist
cvelist
CVE-2004-0700
2004-07-21 04:00:00
CVE-2004-0488
2004-05-28 04:00:00
nvd
nvd
CVE-2004-0700
2004-07-27 04:00:00
CVE-2004-0488
2004-07-07 04:00:00
freebsd
freebsd
apache13-modssl -- format string vulnerability in proxy support
2004-07-16 00:00:00
securityvulns
securityvulns
[OpenPKG-SA-2004.026] OpenPKG Security Advisory (apache)
2004-06-03 00:00:00
gentoo
gentoo
Apache: Buffer overflow in mod_ssl
2004-06-09 00:00:00
debiancve
debiancve
CVE-2004-0488
2004-07-07 04:00:00
slackware
slackware
mod_ssl
2004-06-02 12:24:39
httpd
httpd
Apache Httpd < 2.0.50 : FakeBasicAuth overflow
2004-07-01 00:00:00
ubuntu
ubuntu
Apache 2 vulnerabilities
2005-09-07 00:00:00

0.901 High

EPSS

Percentile

98.8%

JSON
Related for OSV:DSA-532
openvas15debian2nessus20cve2ubuntucve2f55redhat3cvelist2nvd2freebsd1securityvulns1gentoo1debiancve1slackware1httpd1ubuntu1