FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache13-modssl -- format string vulnerability in proxy support

Affected packages
apache+mod_ssl < 1.3.31+2.8.19
apache+mod_ssl+ipv6 < 1.3.31+2.8.19
ru-apache+mod_ssl < 1.3.31+30.20+2.8.19

Details

VuXML ID 18974c8a-1fbd-11d9-814e-0001020eed82
Discovery 2004-07-16
Entry 2004-10-17

A OpenPKG Security Advisory reports:

Triggered by a report to Packet Storm from Virulent, a format string vulnerability was found in mod_ssl, the Apache SSL/TLS interface to OpenSSL, version (up to and including) 2.8.18 for Apache 1.3. The mod_ssl in Apache 2.x is not affected. The vulnerability could be exploitable if Apache is used as a proxy for HTTPS URLs and the attacker established a own specially prepared DNS and origin server environment.

References

Bugtraq ID 10736
CERT/CC Vulnerability Note 303448
CVE Name CVE-2004-0700
Message 20040716204207.GA45678@engelschall.com
URL http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
URL http://www.openpkg.org/security/OpenPKG-SA-2004.032-apache.html