FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0700

This CVE name corresponds to:

Entered Topic
2004-10-17 apache13-modssl -- format string vulnerability in proxy support

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0700 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0700
Phase Assigned(20040719)

Description

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

References

Source Reference
MLIST [apache-modssl] 20040716 [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31
BUGTRAQ 20040716 [OpenPKG-SA-2004.032] OpenPKG Security Advisory (apache)
MISC http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
MISC http://virulent.siyahsapka.org/
CONECTIVA CLA-2004:857
DEBIAN DSA-532
FEDORA FLSA:1888
MANDRAKE MDKSA-2004:075
REDHAT RHSA-2004:405
REDHAT RHSA-2004:408
UBUNTU USN-177-1
CERT-VN VU#303448
BID 10736
XF apache-modssl-format-string(16705)
OSVDB 7929

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.