3 results (0.004 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 3

The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables. La función ExpandCert en Apache-SSL versiones anteriores apache_1.3.41+ssl_1.59 no gestiona correctamente los caracteres (1) '/' y (2) '=' en un Distinguished Name (DN) de un certificado de cliente, lo cual puede permitir a atacantes remotos evitar autenticarse a través de un DN manipulado que dispara la sobreescritura de variables de entorno. • http://secunia.com/advisories/29644 http://securityreason.com/securityalert/3797 http://www.apache-ssl.org/advisory-cve-2008-0555.txt http://www.cynops.de/advisories/CVE-2008-0555.txt http://www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt http://www.securityfocus.com/archive/1/490386/100/0/threaded http://www.securityfocus.com/bid/28576 http://www.securitytracker.com/id?1019784 http://www.vupen.com/english/advisories/2008/1079/references https://exchange.xforce.i • CWE-20: Improper Input Validation CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user. Apache-SSL 1.3.28+1.52 y anteriores, con SSLVerifyClient establecido a 1 ó 3 y SSLFakeBasicAuth activado, pemite a atantes remotos falsificar un certificado de cliente usando autenticación básica con el "DN de una línea" del usuario objetivo. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016870.html http://marc.info/?l=bugtraq&m=107619127531765&w=2 http://www.apache-ssl.org/advisory-20040206.txt http://www.osvdb.org/3877 http://www.securityfocus.com/bid/9590 https://exchange.xforce.ibmcloud.com/vulnerabilities/15065 •

CVSS: 7.5EPSS: 47%CPEs: 14EXPL: 3

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. El código de mod_ssl dbm y shm cache anteriores a 2.8.7-1.3.23 y Apache-SSL anteriores a 1.3.22 1.46 no inicializa adecuadamente la memoria usando la función i2d_SSL_SESSION, lo que permite a atacantes remotos usar un desbordamiento de buffer para ejecutar código arbitrario mediante un certificado de cliente largo firmado por una Autoricad Certificadora (CA) larga, lo que produce una sesión serializada larga. • https://www.exploit-db.com/exploits/47080 https://www.exploit-db.com/exploits/21671 https://www.exploit-db.com/exploits/764 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465 http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml http://marc.info/?l=bugtraq&m=101518491916936&w=2 http://marc.info/?l=bugtraq&m=101528358424306&w=2 http://online.securityfocus.com/archive/1/258646 http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote •