CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2008-0555
https://notcve.org/view.php?id=CVE-2008-0555
04 Apr 2008 — The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables. La función ExpandCert en Apache-SSL versiones anteriores apache_1.3.41+ssl_1.59 no gestiona correctamente los caracteres (1) '/' y (2) '=' en un Distinguished Name (DN) de un certificado de cliente, lo cua... • http://secunia.com/advisories/29644 • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0009
https://notcve.org/view.php?id=CVE-2004-0009
03 Mar 2004 — Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user. Apache-SSL 1.3.28+1.52 y anteriores, con SSLVerifyClient establecido a 1 ó 3 y SSLFakeBasicAuth activado, pemite a atantes remotos falsificar un certificado de cliente usando autenticación básica con el "DN de una línea" del usuario objetivo. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016870.html •
CVSS: 9.8EPSS: 3%CPEs: 14EXPL: 5CVE-2002-0082 – Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0082
15 Mar 2002 — The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. El código de mod_ssl dbm y shm cache anteriores a 2.8.7-1.3.23 y Apache-SSL anteriores a 1.3.22 1.46 no inicializa adecuadament... • https://packetstorm.news/files/id/153567 •