Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2004-0488

CVE information

Published

18 years ago

Last Modified

1 year ago

CVSSv2.0 Severity

High

Impact Analysis

Description

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN..

CVSSv2.0 Score

Severity
High
Base Score
7.5/10
Exploit Score
10/10
Access Vector
Network
Access Complexity
Low
Authentication Required
None
Impact Score
6.4/10
Confidentiality Impact
Partial
Availability Impact
Partial
Integrity Impact
Partial

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:mod_ssl:mod_ssl:2.8.12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:mod_ssl:mod_ssl:2.8.10:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:tinysofa:tinysofa_enterprise_server:1.0:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:mod_ssl:mod_ssl:2.8.16:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:mod_ssl:mod_ssl:2.8.7:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*
  Yes
- -
cpe:2.3:a:tinysofa:tinysofa_enterprise_server:1.0_u1:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:mod_ssl:mod_ssl:2.8.15:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*
  Yes
- -
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
  Yes
- -
cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
  Yes
- -
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:openbsd:openbsd:current:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*
  Yes
- -
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  Yes
- -
cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*
  Yes
- -

References