Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2004-0700
Last Modified 10 Sep 2008 03:27:29
Published 27 Jul 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0700

Summary

Format string vulnerability in the mod_proxy hook functions in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

Vulnerable Systems

Operating System

  • Gentoo Linux 1.4

Application

  • Mod Ssl 2.3.11

  • Mod Ssl 2.4.0

  • Mod Ssl 2.4.1

  • Mod Ssl 2.4.10

  • Mod Ssl 2.4.2

  • Mod Ssl 2.4.3

  • Mod Ssl 2.4.4

  • Mod Ssl 2.4.5

  • Mod Ssl 2.4.6

  • Mod Ssl 2.4.7

  • Mod Ssl 2.4.8

  • Mod Ssl 2.4.9

  • Mod Ssl 2.5.0

  • Mod Ssl 2.5.1

  • Mod Ssl 2.6.0

  • Mod Ssl 2.6.1

  • Mod Ssl 2.6.2

  • Mod Ssl 2.6.3

  • Mod Ssl 2.6.4

  • Mod Ssl 2.6.5

  • Mod Ssl 2.6.6

  • Mod Ssl 2.7.0

  • Mod Ssl 2.7.1

  • Mod Ssl 2.8.0

  • Mod Ssl 2.8.1

  • Mod Ssl 2.8.1.2

  • Mod Ssl 2.8.10

  • Mod Ssl 2.8.12

  • Mod Ssl 2.8.14

  • Mod Ssl 2.8.15

  • Mod Ssl 2.8.16

  • Mod Ssl 2.8.17

  • Mod Ssl 2.8.18

  • Mod Ssl 2.8.2

  • Mod Ssl 2.8.3

  • Mod Ssl 2.8.4

  • Mod Ssl 2.8.5

  • Mod Ssl 2.8.5.1

  • Mod Ssl 2.8.5.2

  • Mod Ssl 2.8.6

  • Mod Ssl 2.8.7

  • Mod Ssl 2.8.8

  • Mod Ssl 2.8.9


References

CERT-VN - VU#303448

XF - apache-modssl-format-string(16705)

FEDORA - FLSA:1888

BID - 10736

REDHAT - RHSA-2004:408

REDHAT - RHSA-2004:405

OSVDB - 7929

MANDRAKE - MDKSA-2004:075

DEBIAN - DSA-532

MISC - http://virulent.siyahsapka.org/

MISC - http://packetstormsecurity.org/0407-advisories/modsslFormat.txt

MLIST - [apache-modssl] 20040716 [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31

UBUNTU - USN-177-1

BUGTRAQ - 20040716 [OpenPKG-SA-2004.032] OpenPKG Security Advisory (apache)

CONECTIVA - CLA-2004:857


Last Updated: 27 May 2016 10:38:43