Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2002-0653
Last Modified 10 Sep 2008 03:12:39
Published 11 Jul 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0653

Summary

Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.

Vulnerable Systems

Application

  • Mod Ssl 2.8.9


References

BID - 5084

REDHAT - RHSA-2003:106

REDHAT - RHSA-2002:146

REDHAT - RHSA-2002:136

REDHAT - RHSA-2002:135

REDHAT - RHSA-2002:134

SUSE - SuSE-SA:2002:028

MANDRAKE - MDKSA-2002:048

XF - apache-modssl-htaccess-bo(9415)

DEBIAN - DSA-135

REDHAT - RHSA-2002:164

VULN-DEV - 20020622 Another flaw in Apache?

ENGARDE - ESA-20020702-017

BUGTRAQ - 20020624 Apache mod_ssl off-by-one vulnerability

CONECTIVA - CLA-2002:504

HP - HPSBTL0207-052

BUGTRAQ - 20020628 TSL-2002-0058 - apache/mod_ssl

CALDERA - CSSA-2002-031.0


Last Updated: 27 May 2016 10:37:00