|
|
Log in / Subscribe / Register

Apache mod_ssl off-by-one local code execution and DoS vulnerability

Package(s):libapache-mod-ssl mod_ssl CVE #(s):CAN-2002-0653
Created:July 2, 2002 Updated:August 14, 2002
Description: Mod-ssl provides strong cryptography for the Apache webserver via the Secure Sockets Layer (SSL). A maliciously-crafted .htaccess file, may be used by an attacker to execute arbitrary commands as the httpd user or launch a denial of service attack. The problem is fixed in mod_ssl 2.8.10 which is available from here.

For more information see the announcement.

Alerts:
Mandrake MDKSA-2002:048 mod_ssl 2002-08-08
Yellow Dog YDU-20020801-1 mod_ssl 2002-08-01
Eridani ERISA-2002:029 mod_ssl 2002-07-25
SCO Group CSSA-2002-031.0 mod_ssl 2002-07-16
Red Hat RHSA-2002:134-12 mod_ssl 2002-07-16
EnGarde ESA-20020702-017 mod_ssl 2002-07-02
Conectiva CLA-2002:504 apache 2002-07-02
Debian DSA-135-1 libapache-mod-ssl 2002-07-02
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds