CVE-2004-0009
https://notcve.org/view.php?id=CVE-2004-0009
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user. Apache-SSL 1.3.28+1.52 y anteriores, con SSLVerifyClient establecido a 1 ó 3 y SSLFakeBasicAuth activado, pemite a atantes remotos falsificar un certificado de cliente usando autenticación básica con el "DN de una línea" del usuario objetivo. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016870.html http://marc.info/?l=bugtraq&m=107619127531765&w=2 http://www.apache-ssl.org/advisory-20040206.txt http://www.osvdb.org/3877 http://www.securityfocus.com/bid/9590 https://exchange.xforce.ibmcloud.com/vulnerabilities/15065 •
CVE-2004-1082
https://notcve.org/view.php?id=CVE-2004-1082
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. • http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html http://www.ciac.org/ciac/bulletins/p-049.shtml http://www.securityfocus.com/bid/9571 http://www.securitytracker.com/alerts/2004/Dec/1012414.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18347 •
CVE-2003-0771
https://notcve.org/view.php?id=CVE-2003-0771
Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does. Gallery.pm en Apache::Gallery (también llamado A::G) usa nombres de ficheros temporales predecibles cuando ejecuta Inline::C, lo que permite a usuarios locales ejecutar código arbitrario creando y modificando los ficheros antes de que Apache::Gallery lo haga. • http://marc.info/?l=bugtraq&m=106304236914921&w=2 •
CVE-2002-0082 – Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0082
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. El código de mod_ssl dbm y shm cache anteriores a 2.8.7-1.3.23 y Apache-SSL anteriores a 1.3.22 1.46 no inicializa adecuadamente la memoria usando la función i2d_SSL_SESSION, lo que permite a atacantes remotos usar un desbordamiento de buffer para ejecutar código arbitrario mediante un certificado de cliente largo firmado por una Autoricad Certificadora (CA) larga, lo que produce una sesión serializada larga. • https://www.exploit-db.com/exploits/47080 https://www.exploit-db.com/exploits/21671 https://www.exploit-db.com/exploits/764 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465 http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml http://marc.info/?l=bugtraq&m=101518491916936&w=2 http://marc.info/?l=bugtraq&m=101528358424306&w=2 http://online.securityfocus.com/archive/1/258646 http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote •