Unrated severityNVD Advisory· Published Jul 27, 2004· Updated Apr 16, 2026

CVE-2004-0700

Description

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

Affected products

Mod Ssl/Mod SSL43 versions
cpe:2.3:a:mod_ssl:mod_ssl:2.3.11:*:*:*:*:*:*:*+ 42 more
- cpe:2.3:a:mod_ssl:mod_ssl:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.15:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.17:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.18:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.9:*:*:*:*:*:*:*
Gentoo/Linux
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/303448nvdThird Party AdvisoryUS Government Resource
distro.conectiva.com.br/atualizacoes/nvd
marc.infonvd
marc.infonvd
packetstormsecurity.org/0407-advisories/modsslFormat.txtnvd
virulent.siyahsapka.orgnvd
www.debian.org/security/2004/dsa-532nvd
www.mandrakesecure.net/en/advisories/advisory.phpnvd
www.osvdb.org/7929nvd
www.redhat.com/support/errata/RHSA-2004-405.htmlnvd
www.redhat.com/support/errata/RHSA-2004-408.htmlnvd
www.securityfocus.com/bid/10736nvd
www.ubuntu.com/usn/usn-177-1nvd
bugzilla.fedora.us/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/16705nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.025
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000