CVE-2004-0700

Sažetak

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857
http://marc.info/?l=apache-modssl&m=109001100906749&w=2
http://marc.info/?l=bugtraq&m=109005001205991&w=2
http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
http://virulent.siyahsapka.org/
http://www.debian.org/security/2004/dsa-532
http://www.kb.cert.org/vuls/id/303448
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075
http://www.osvdb.org/7929
http://www.redhat.com/support/errata/RHSA-2004-405.html
http://www.redhat.com/support/errata/RHSA-2004-408.html
http://www.securityfocus.com/bid/10736
http://www.ubuntu.com/usn/usn-177-1
https://bugzilla.fedora.us/show_bug.cgi?id=1888
https://exchange.xforce.ibmcloud.com/vulnerabilities/16705

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:30

Objavljeno

27-07-2004 - 04:00