CVE Vulnerabilities

CVE-2004-0488

Published: Jul 07, 2004 | Modified: Jun 06, 2021
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

Affected Software

Name Vendor Start Version End Version
Http_server Apache 1.3.17 1.3.17
Http_server Apache 1.3.18 1.3.18
Http_server Apache 1.3.27 1.3.27
Http_server Apache 1.3.28 1.3.28
Http_server Apache 1.3.9 1.3.9
Http_server Apache 2.0 2.0
Http_server Apache 2.0.38 2.0.38
Http_server Apache 2.0.39 2.0.39
Http_server Apache 2.0.40 2.0.40
Http_server Apache 2.0.47 2.0.47
Http_server Apache 2.0.48 2.0.48
Mod_ssl Mod_ssl 2.8.16 2.8.16
Http_server Apache 2.0.42 2.0.42
Http_server Apache 1.3.23 1.3.23
Http_server Apache 2.0.35 2.0.35
Http_server Apache 2.0.44 2.0.44
Http_server Apache 1.3.1 1.3.1
Http_server Apache 1.3.19 1.3.19
Http_server Apache 1.3.31 1.3.31
Http_server Apache 1.3.24 1.3.24
Mod_ssl Mod_ssl 2.8.10 2.8.10
Http_server Apache 1.3.20 1.3.20
Http_server Apache 2.0.28 2.0.28
Http_server Apache 2.0.41 2.0.41
Http_server Apache 1.3.4 1.3.4
Http_server Apache 2.0.32 2.0.32
Http_server Apache 1.3 1.3
Http_server Apache 1.3.3 1.3.3
Mandrake_multi_network_firewall Mandrakesoft 8.2 8.2
Mod_ssl Mod_ssl 2.8.7 2.8.7
Http_server Apache 1.3.29 1.3.29
Http_server Apache 1.3.22 1.3.22
Http_server Apache 1.3.11 1.3.11
Http_server Apache 2.0.43 2.0.43
Tinysofa_enterprise_server Tinysofa 1.0_u1 1.0_u1
Mod_ssl Mod_ssl 2.8.12 2.8.12
Http_server Apache 2.0.37 2.0.37
Http_server Apache 1.3.25 1.3.25
Tinysofa_enterprise_server Tinysofa 1.0 1.0
Http_server Apache 1.3.7 1.3.7
Http_server Apache 1.3.6 1.3.6
Http_server Apache 2.0.49 2.0.49
Http_server Apache 2.0.9 2.0.9
Http_server Apache 1.3.12 1.3.12
Mod_ssl Mod_ssl 2.8.15 2.8.15
Http_server Apache 2.0.45 2.0.45
Http_server Apache 1.3.26 1.3.26
Http_server Apache 2.0.36 2.0.36
Http_server Apache 1.3.14 1.3.14
Http_server Apache 2.0.46 2.0.46
Propack Sgi 2.4 2.4
Red Hat Enterprise Linux 2.1 RedHat apache *
Red Hat Enterprise Linux 2.1 RedHat mod_ssl *
Red Hat Enterprise Linux 3 RedHat httpd-0:2.0.46-32.ent.3 *
Red Hat Network Proxy v 4.2 (RHEL 3) RedHat jabberd-0:2.0s10-3.37.rhn *
Red Hat Network Proxy v 4.2 (RHEL 3) RedHat rhn-apache-0:1.3.27-36.rhn.rhel3 *
Red Hat Network Proxy v 4.2 (RHEL 3) RedHat rhn-modperl-0:1.29-16.rhel3 *
Red Hat Network Proxy v 4.2 (RHEL 4) RedHat jabberd-0:2.0s10-3.38.rhn *
Red Hat Network Proxy v 4.2 (RHEL 4) RedHat rhn-apache-0:1.3.27-36.rhn.rhel4 *
Red Hat Network Proxy v 4.2 (RHEL 4) RedHat rhn-modperl-0:1.29-16.rhel4 *
Stronghold 4 for Red Hat Enterprise Linux RedHat stronghold-apache *
Stronghold 4 for Red Hat Enterprise Linux RedHat stronghold-mod_ssl *
Stronghold 4 for Red Hat Enterprise Linux RedHat stronghold-php *
Apache2 Ubuntu dapper *
Apache2 Ubuntu devel *
Apache2 Ubuntu edgy *
Apache2 Ubuntu feisty *

References