VYPR

Apache SSL

by Apache SSL

CVEs (4)

  • CVE-2002-0082Mar 15, 2002
    risk 0.05cvss epss 0.30

    The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client…

  • CVE-2008-0555Apr 4, 2008
    risk 0.00cvss epss 0.02

    The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers…

  • CVE-2004-0009Mar 3, 2004
    risk 0.00cvss epss 0.01

    Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.

  • CVE-2002-1233Nov 4, 2002
    risk 0.00cvss epss 0.01

    A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the…