FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache13-modssl -- format string vulnerability in proxy support

Affected packages
apache+mod_ssl < 1.3.31+2.8.19
apache+mod_ssl+ipv6 < 1.3.31+2.8.19
ru-apache+mod_ssl < 1.3.31+30.20+2.8.19


VuXML ID 18974c8a-1fbd-11d9-814e-0001020eed82
Discovery 2004-07-16
Entry 2004-10-17

A OpenPKG Security Advisory reports:

Triggered by a report to Packet Storm from Virulent, a format string vulnerability was found in mod_ssl, the Apache SSL/TLS interface to OpenSSL, version (up to and including) 2.8.18 for Apache 1.3. The mod_ssl in Apache 2.x is not affected. The vulnerability could be exploitable if Apache is used as a proxy for HTTPS URLs and the attacker established a own specially prepared DNS and origin server environment.


Bugtraq ID 10736
CERT/CC Vulnerability Note 303448
CVE Name CVE-2004-0700