|
|
| |
|
| |
apache mod_ssl format string vulnerability
| Package(s): | apache mod_ssl |
CVE #(s): | |
| Created: | July 16, 2004 |
Updated: | August 6, 2004 |
| Description: |
Triggered by a report to Packet Storm from Virulent, a format string
vulnerability was found in mod_ssl, the Apache SSL/TLS interface to
OpenSSL, version (up to and including) 2.8.18 for Apache 1.3. The mod_ssl
in Apache 2.x is not affected. The vulnerability could be exploitable if
Apache is used as a proxy for HTTPS URLs and the attacker established a own
specially prepared DNS and origin server environment. |
| Alerts: |
|
( Log in to post comments)
|
|
|