Russian Vulnerability Scanner Database

Back to List

CVE-2004-0488

Scores

EPSS

0.627medium62.7%
0%20%40%60%80%100%

Percentile: 62.7%

CVSS

7.5high2.0
0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 2.0
7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhat

CWEs

CWE-787

Recommendations

Source: nvd

Apache 1.x users should upgrade to the latest version of mod_ssl:

# emerge sync

# emerge -pv “>=net-www/mod_ssl-2.8.18”
# emerge “>=net-www/mod_ssl-2.8.18”

Apache 2.x users should upgrade to the latest version of Apache:

# emerge sync

# emerge -pv “>=www-servers/apache-2.0.49-r3”
# emerge “>=www-servers/apache-2.0.49-r3”

URL: http://security.gentoo.org/glsa/glsa-200406-05.xml

Vulnerable Software (13)

Type: Configuration

Product: apache2

Operating System: debian

Trait: 
{  "fixed": "2.0.50-1"}

Source: debian

Type: Configuration

Product: httpd

Operating System: rhel 3

Trait: 
{  "fixed": "2.0.46-32.ent.3"}

Source: redhat

Type: Configuration

Product: jabberd

Operating System: rhel

Trait: 
{  "fixed": "2.0s10-3.37.rhn"}

Source: redhat

Type: Configuration

Product: jabberd

Operating System: rhel

Trait: 
{  "fixed": "2.0s10-3.38.rhn"}

Source: redhat

Type: Configuration

Product: libapache-mod-ssl

Operating System: debian

Trait: 
{  "fixed": "2.8.19-1"}

Source: debian

Type: Configuration

Product: rhn-apache

Operating System: rhel

Trait: 
{  "fixed": "1.3.27-36.rhn.rhel3"}

Source: redhat

Type: Configuration

Product: rhn-apache

Operating System: rhel

Trait: 
{  "fixed": "1.3.27-36.rhn.rhel4"}

Source: redhat

Type: Configuration

Product: rhn-modperl

Operating System: rhel

Trait: 
{  "fixed": "1.29-16.rhel3"}

Source: redhat

Type: Configuration

Product: rhn-modperl

Operating System: rhel

Trait: 
{  "fixed": "1.29-16.rhel4"}

Source: redhat

Type: Configuration

Vendor: *

Product: debian_linux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_server

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_work...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_workstation

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_work...

Source: nvd

Type: Configuration

Vendor: *

Product: http_server

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",      "versionEndExcluding": "2.0.50",      "versionStartIncluding": "2.0.35",      "vulnerable": true    ...

Source: nvd

End of list