Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mod_ssl vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2003-0987
mod_digest for Apache prior to 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
Apache Http Server
7.5
CVSSv2
CVE-2002-0082
The dbm and shm session cache code in mod_ssl prior to 2.8.7-1.3.23, and Apache-SSL prior to 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote malicious users to use a buffer overflow to execute arbitrary code via a large cli...
Apache-ssl Apache-ssl 1.45
Apache-ssl Apache-ssl 1.46
Mod Ssl Mod Ssl 2.8.5
Mod Ssl Mod Ssl 2.8.6
Apache-ssl Apache-ssl 1.42
Apache-ssl Apache-ssl 1.44
Mod Ssl Mod Ssl 2.8.3
Mod Ssl Mod Ssl 2.8.4
Mod Ssl Mod Ssl 2.7.1
Mod Ssl Mod Ssl 2.8
Apache-ssl Apache-ssl 1.40
Apache-ssl Apache-ssl 1.41
Mod Ssl Mod Ssl 2.8.1
Mod Ssl Mod Ssl 2.8.2
3 EDB exploits
3 Github repositories
7.5
CVSSv2
CVE-2004-0885
The mod_ssl module in Apache 2.0.35 up to and including 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
Apache Http Server 2.0.42
Apache Http Server 2.0.47
Apache Http Server 2.0.50
Apache Http Server 2.0.35
Apache Http Server 2.0.37
Apache Http Server 2.0.44
Apache Http Server 2.0.39
Apache Http Server 2.0.52
Apache Http Server 2.0.51
Apache Http Server 2.0.41
Apache Http Server 2.0.49
Apache Http Server 2.0.38
Apache Http Server 2.0.48
Apache Http Server 2.0.45
Apache Http Server 2.0.40
Apache Http Server 2.0.36
Apache Http Server 2.0.46
Apache Http Server 2.0.43
4.6
CVSSv2
CVE-2002-0653
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and previous versions, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
Modssl Mod Ssl
1 EDB exploit
5
CVSSv2
CVE-2004-0751
The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote malicious users to cause a denial of service (segmentation fault).
Apache Http Server
1 EDB exploit
7.5
CVSSv2
CVE-2004-0700
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl prior to 2.8.19 for Apache prior to 1.3.31 may allow remote malicious users to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are ha...
Mod Ssl Mod Ssl 2.4.10
Mod Ssl Mod Ssl 2.4.2
Mod Ssl Mod Ssl 2.4.9
Mod Ssl Mod Ssl 2.5.0
Mod Ssl Mod Ssl 2.6.6
Mod Ssl Mod Ssl 2.7.0
Mod Ssl Mod Ssl 2.8.14
Mod Ssl Mod Ssl 2.8.15
Mod Ssl Mod Ssl 2.8.5
Mod Ssl Mod Ssl 2.8.5.1
Mod Ssl Mod Ssl 2.4.0
Mod Ssl Mod Ssl 2.4.1
Mod Ssl Mod Ssl 2.4.7
Mod Ssl Mod Ssl 2.4.8
Mod Ssl Mod Ssl 2.6.4
Mod Ssl Mod Ssl 2.6.5
Mod Ssl Mod Ssl 2.8.10
Mod Ssl Mod Ssl 2.8.12
Mod Ssl Mod Ssl 2.8.3
Mod Ssl Mod Ssl 2.8.4
Mod Ssl Mod Ssl 2.4.3
Mod Ssl Mod Ssl 2.4.4
10
CVSSv2
CVE-2005-2700
ssl_engine_kernel.c in mod_ssl prior to 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote malicious users to bypass intende...
Apache Http Server
Debian Debian Linux 3.1
Debian Debian Linux 3.0
Canonical Ubuntu Linux 4.10
Canonical Ubuntu Linux 5.04
5.4
CVSSv2
CVE-2005-3357
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote malicious users to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer derefere...
Apache Http Server 2.0.42
Apache Http Server 2.0.47
Apache Http Server 2.0.50
Apache Http Server 2.0.35
Apache Http Server 2.0.37
Apache Http Server 2.0.55
Apache Http Server 2.0.44
Apache Http Server 2.0.39
Apache Http Server 2.0.52
Apache Http Server 2.0.53
Apache Http Server 2.0.51
Apache Http Server 2.0.28
Apache Http Server 2.0.41
Apache Http Server 2.0.49
Apache Http Server 2.0.9
Apache Http Server 2.0.32
Apache Http Server 2.0.38
Apache Http Server 2.0.48
Apache Http Server 2.0.45
Apache Http Server 2.0.40
Apache Http Server 2.0.36
Apache Http Server 2.0.46
7.5
CVSSv2
CVE-2004-0488
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote malicious users to execute arbitrary code via a client certificate with a long subject DN.
Apache Http Server
Debian Debian Linux 3.0
Redhat Enterprise Linux Server 2.0
Redhat Enterprise Linux Workstation 2.0
10
CVSSv2
CVE-2004-0492
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote malicious users to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data ...
Hp Webproxy 2.0
Hp Virtualvault 11.0.4
Apache Http Server 1.3.27
Ibm Http Server 1.3.28
Apache Http Server 1.3.28
Apache Http Server 1.3.31
Hp Webproxy 2.1
Ibm Http Server 1.3.26.1
Apache Http Server 1.3.26
Apache Http Server 1.3.29
Sgi Propack 2.4
Ibm Http Server 1.3.26
Ibm Http Server 1.3.26.2
Hp Vvos 11.04
Openbsd Openbsd 3.5
Openbsd Openbsd
Openbsd Openbsd 3.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »