English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 72151 CVE descriptions
and 38907 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.11039
Category:Web Servers
Title:mod_ssl off by one
Summary:Checks for version of mod_ssl
Description:
The remote host is using a version of mod_ssl which is
older than 2.8.10.

This version is vulnerable to an off by one buffer overflow
which may allow a user with write access to .htaccess files
to execute arbitrary code on the system with permissions
of the web server.

*** Note that several Linux distributions (such as RedHat)
*** patched the old version of this module. Therefore, this
*** might be a false positive. Please check with your vendor
*** to determine if you really are vulnerable to this flaw

Solution : Upgrade to version 2.8.10 or newer
Cross-Ref: BugTraq ID: 5084
Common Vulnerability Exposure (CVE) ID: CVE-2002-0653
http://marc.theaimsgroup.com/?l=vuln-dev&m=102477330617604&w=2
Bugtraq: 20020624 Apache mod_ssl off-by-one vulnerability (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=102513970919836&w=2
http://www.redhat.com/support/errata/RHSA-2002-134.html
http://www.redhat.com/support/errata/RHSA-2002-135.html
http://www.redhat.com/support/errata/RHSA-2002-136.html
http://www.redhat.com/support/errata/RHSA-2002-146.html
RedHat Security Advisories: RHSA-2002:164
http://rhn.redhat.com/errata/RHSA-2002-164.html
http://www.redhat.com/support/errata/RHSA-2003-106.html
Caldera Security Advisory: CSSA-2002-031.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-031.0.txt
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-048.php
Debian Security Information: DSA-135 (Google Search)
http://www.debian.org/security/2002/dsa-135
En Garde Linux Advisory: ESA-20020702-017
http://marc.theaimsgroup.com/?l=bugtraq&m=102563469326072&w=2
SuSE Security Announcement: SuSE-SA:2002:028 (Google Search)
http://www.novell.com/linux/security/advisories/2002_028_mod_ssl.html
Conectiva Linux advisory: CLA-2002:504
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000504
Bugtraq: 20020628 TSL-2002-0058 - apache/mod_ssl (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2002-06/0350.html
HPdes Security Advisory: HPSBTL0207-052
http://archives.neohapsis.com/archives/hp/2002-q3/0018.html
http://www.securityfocus.com/bid/5084
http://www.iss.net/security_center/static/9415.php
CopyrightThis script is Copyright (C) 2002 Thomas Reinke

This is only one of 38907 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.