apache-ssl/apache-ssl: The latest CVE Vulnerabilities and Exploits for Penetration Test
apache-ssl/apache-ssl Vulnerability Summary
- Vendor name: apache-ssl
- Product name: apache-ssl
- Total vulnerabilities: 3 (as of 2023-05-04)
apache-ssl/apache-ssl Vulnerability List
CVE-2008-0555: The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1)…
Published: 2008-04-04T00:44:00 Last Modified: 2018-10-15T22:01:00
Summary
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) ‘/’ and (2) ‘=’ characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2008-0555 vulnerability.
References
- http://www.cynops.de/advisories/CVE-2008-0555.txt
- http://www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt
- http://www.securityfocus.com/bid/28576
- http://www.apache-ssl.org/advisory-cve-2008-0555.txt
- http://www.securitytracker.com/id?1019784
- http://secunia.com/advisories/29644
- http://securityreason.com/securityalert/3797
- http://www.vupen.com/english/advisories/2008/1079/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41618
- http://www.securityfocus.com/archive/1/490386/100/0/threaded
See also: All popular products CVE Vulnerabilities of apache-ssl
CVE-2004-0009: Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth…
Published: 2004-03-03T05:00:00 Last Modified: 2017-10-10T01:30:00
Summary
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the “one-line DN” of the target user.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2004-0009 vulnerability.
References
- http://www.securityfocus.com/bid/9590
- http://www.apache-ssl.org/advisory-20040206.txt
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016870.html
- http://www.osvdb.org/3877
- http://marc.info/?l=bugtraq&m=107619127531765&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15065
CVE-2002-0082: The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before…
Published: 2002-03-15T05:00:00 Last Modified: 2016-10-18T02:16:00
Summary
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Exploits Database (Total Exploits Count: 3)
Code designed for conducting penetration testing on the CVE-2002-0082 vulnerability.
- Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2) by Brian Peters at 2019-07-07
- Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1) by spabam at 2003-04-04
- Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Buffer Overflow by spabam at 2002-07-30
References
- http://www.iss.net/security_center/static/8308.php
- http://www.apacheweek.com/issues/02-03-01#security
- http://online.securityfocus.com/archive/1/258646
- http://www.linuxsecurity.com/advisories/other_advisory-1923.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php
- http://www.redhat.com/support/errata/RHSA-2002-041.html
- http://www.redhat.com/support/errata/RHSA-2002-042.html
- http://www.redhat.com/support/errata/RHSA-2002-045.html
- http://www.debian.org/security/2002/dsa-120
- http://www.securityfocus.com/advisories/3965
- http://www.securityfocus.com/advisories/4008
- http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt
- http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml
- http://www.securityfocus.com/bid/4189
- http://marc.info/?l=bugtraq&m=101518491916936&w=2
- http://marc.info/?l=bugtraq&m=101528358424306&w=2
- http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html