LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

apache mod_ssl format string vulnerability

Package(s):apache mod_ssl CVE #(s):
Created:July 16, 2004 Updated:August 6, 2004
Description: Triggered by a report to Packet Storm from Virulent, a format string vulnerability was found in mod_ssl, the Apache SSL/TLS interface to OpenSSL, version (up to and including) 2.8.18 for Apache 1.3. The mod_ssl in Apache 2.x is not affected. The vulnerability could be exploitable if Apache is used as a proxy for HTTPS URLs and the attacker established a own specially prepared DNS and origin server environment.
Alerts:
Conectiva CLA-2004:857 2004-08-06
Mandrake MDKSA-2004:075 2004-07-27
Slackware SSA:2004-207-02 2004-07-25
Gentoo 200407-18 2004-07-22
OpenPKG OpenPKG-SA-2004.032 2004-07-16
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds