FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mod_ssl -- SSLCipherSuite bypass

Affected packages
ru-apache+mod_ssl <= 1.3.31+30.20+2.8.18
apache+mod_ssl < 1.3.31+2.8.20
apache+mod_ssl+ipv6 <= 1.3.31+2.8.18_4
apache2 <= 2.0.52_1

Details

VuXML ID 4238151d-207a-11d9-bfe2-0090962cff2a
Discovery 2004-10-01
Entry 2004-10-23

It is possible for clients to use any cipher suite configured by the virtual host, whether or not a certain cipher suite is selected for a specific directory. This might result in clients using a weaker encryption than originally configured.

References

CVE Name CVE-2004-0885
Message 20041008152510.GE8385@redhat.com
URL http://issues.apache.org/bugzilla/show_bug.cgi?id=31505