FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache -- Certificate Revocation List (CRL) off-by-one vulnerability

Affected packages
2.* < apache < 2.0.54_1


VuXML ID e936d612-253f-11da-bc01-000e0c2e438a
Discovery 2005-07-12
Entry 2005-09-17

Marc Stern reports an off-by-one vulnerability in within mod_ssl. The vulnerability lies in mod_ssl's Certificate Revocation List (CRL). If Apache is configured to use a CRL this could allow an attacker to crash a child process causing a Denial of Service.


Bugtraq ID 14366
CVE Name CVE-2005-1268