The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apache-ssl | apache-ssl | 1.45 |
| apache-ssl | apache-ssl | 1.42 |
| mod_ssl | mod_ssl | 2.8.1 |
| mod_ssl | mod_ssl | 2.8.2 |
| apache-ssl | apache-ssl | 1.41 |
| mod_ssl | mod_ssl | 2.8 |
| apache-ssl | apache-ssl | 1.40 |
| mod_ssl | mod_ssl | 2.8.6 |
| apache-ssl | apache-ssl | 1.44 |
| apache-ssl | apache-ssl | 1.46 |
| mod_ssl | mod_ssl | 2.8.4 |
| mod_ssl | mod_ssl | 2.8.5 |
| mod_ssl | mod_ssl | 2.7.1 |
| mod_ssl | mod_ssl | 2.8.3 |
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apache-ssl | apache-ssl | * |