CVE-2004-0488

Published: 07/07/2004 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote malicious users to execute arbitrary code via a client certificate with a long subject DN.

Vulnerable Product

apache http server

debian debian linux 3.0

redhat enterprise linux server 2.0

redhat enterprise linux workstation 2.0

Vendor Advisories

Synopsis: apache, mod_ssl security update
Type/Severity: Security Advisory: Moderate
Topic: Updated httpd and mod_ssl packages that fix minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 2.1.
Description: The Apache HTTP Server is a powerful, full-featu ...

Synopsis: httpd security update
Type/Severity: Security Advisory: Important
Topic: Updated httpd packages that fix a buffer overflow in mod_ssl and a remotely triggerable memory leak are now available.
Description: The Apache HTTP server is a powerful, full-featured, efficient, and freely-availab ...

Two vulnerabilities were discovered in libapache-mod-ssl:
CAN-2004-0488: Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
CAN-2004-0 ...

References

CWE-787