Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2004-0009
Last Modified 05 Sep 2008 04:37:17
Published 03 Mar 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0009

Summary

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.

Vulnerable Systems

Application

  • Apache-ssl 1.3.28 1.52


References

BUGTRAQ - 20040206 Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior

XF - apachessl-default-password(15065)

BID - 9590

CONFIRM - http://www.apache-ssl.org/advisory-20040206.txt

OSVDB - 3877

FULLDISC - 20040206 [apache-ssl] Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior


Last Updated: 27 May 2016 10:38:26