Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote malicious users to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server |
||
redhat enterprise linux desktop 3.0 |
||
redhat enterprise linux desktop 4.0 |
||
redhat enterprise linux server 4.0 |
||
redhat enterprise linux workstation 4.0 |
||
redhat enterprise linux workstation 3.0 |
||
redhat enterprise linux server 3.0 |
||
debian debian linux 3.1 |