Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2004-0885
Last Modified: 07 Mar 2011 09:16:22
Published: 03 Nov 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0885

Summary

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

Vulnerable Systems

Application

  • Apache Http Server 2.0.35

  • Apache Http Server 2.0.36

  • Apache Http Server 2.0.37

  • Apache Http Server 2.0.38

  • Apache Http Server 2.0.39

  • Apache Http Server 2.0.40

  • Apache Http Server 2.0.41

  • Apache Http Server 2.0.42

  • Apache Http Server 2.0.43

  • Apache Http Server 2.0.44

  • Apache Http Server 2.0.45

  • Apache Http Server 2.0.46

  • Apache Http Server 2.0.47

  • Apache Http Server 2.0.48

  • Apache Http Server 2.0.49

  • Apache Http Server 2.0.50

  • Apache Http Server 2.0.51

  • Apache Http Server 2.0.52


References

XF - apache-sslciphersuite-restriction-bypass(17671)

REDHAT - RHSA-2004:600

HP - HPSBUX01123

VUPEN - ADV-2006-0789

CONFIRM - http://www.apacheweek.com/features/security-20

CONFIRM - http://issues.apache.org/bugzilla/show_bug.cgi?id=31505

UBUNTU - USN-177-1

BID - 11360

REDHAT - RHSA-2008:0261

REDHAT - RHSA-2005:816

REDHAT - RHSA-2004:562

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

SUNALERT - 102198

SECUNIA - 19072

BUGTRAQ - 20041015 [OpenPKG-SA-2004.044] OpenPKG Security Advisory (modssl)

APPLE - APPLE-SA-2005-08-15

APPLE - APPLE-SA-2005-08-17


Last Updated: 27 May 2016 10:38:47