1 results (0.002 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2008-0555
https://notcve.org/view.php?id=CVE-2008-0555
04 Apr 2008 — The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables. La función ExpandCert en Apache-SSL versiones anteriores apache_1.3.41+ssl_1.59 no gestiona correctamente los caracteres (1) '/' y (2) '=' en un Distinguished Name (DN) de un certificado de cliente, lo cua... • http://secunia.com/advisories/29644 • CWE-20: Improper Input Validation CWE-287: Improper Authentication •