CVSS: 9.8EPSS: 30%CPEs: 44EXPL: 0CVE-2004-0700 – mod_proxy hook format string
https://notcve.org/view.php?id=CVE-2004-0700
21 Jul 2004 — Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function. Vulnerabilidad de cadena de formateo en la función ssl_log en ssl_engine_log.c en mod_ssl 2.8.10 de Apache 1.3.31 puede permitir a atacantes remotos ejecutar mensajes de su elección mediante especificadores de c... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857 •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2002-1157
https://notcve.org/view.php?id=CVE-2002-1157
04 Nov 2002 — Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840. Vulnerabilidad de scripts en sitios cruzados en el módulo de Apache mod_ssl 2.8.9 y anteriores, cuando UseCanonicalName está desactivado y DNS comodín está ... • http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2002-0653 – Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0653
11 Jul 2002 — Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries. • https://www.exploit-db.com/exploits/21575 • CWE-193: Off-by-one Error •
CVSS: 9.8EPSS: 4%CPEs: 14EXPL: 5CVE-2002-0082 – Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0082
15 Mar 2002 — The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. El código de mod_ssl dbm y shm cache anteriores a 2.8.7-1.3.23 y Apache-SSL anteriores a 1.3.22 1.46 no inicializa adecuadament... • https://packetstorm.news/files/id/153567 •