Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to libapache-mod-ssl announced via advisory DSA 532-1.
Insight
Insight
Two vulnerabilities were discovered in libapache-mod-ssl: CVE-2004-0488 - Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. CVE-2004-0700 - Format string vulnerability in the ssl_log function in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS. For the current stable distribution (woody), these problems have been fixed in version 2.8.9-2.3. For the unstable distribution (sid), CVE-2004-0488 was fixed in version 2.8.18, and CVE-2004-0700 will be fixed soon. We recommend that you update your libapache-mod-ssl package.
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20532-1