Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1268

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-1268
Last Modified 07 Mar 2011 09:21:32
Published 05 Aug 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1268

Summary

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

Vulnerable Systems

Application

  • Apache Http Server


References

MANDRAKE - MDKSA-2005:129

REDHAT - RHSA-2005:582

MISC - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163013

VUPEN - ADV-2006-0789

HP - SSRT051251

BID - 14366

SUSE - SUSE-SA:2005:046

SUSE - SUSE-SR:2005:018

DEBIAN - DSA-805

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

SUNALERT - 102198

SREASON - 604

SECUNIA - 19185

SECUNIA - 19072

TRUSTIX - TSLSA-2005-0059

HP - HPSBUX02074


Last Updated: 27 May 2016 10:40:44