CVE-2002-0653

HIGH

mod_ssl < 2.8.9 - Off-by-one Buffer Overflow in ssl_compat_directive

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0653. PoCs published by Frank DENIS.

AI-analyzed exploit summary The exploit describes an off-by-one buffer overflow vulnerability in mod_ssl for Apache when processing overly long entries in a .htaccess file. Specifically, setting the DATE_LOCALE variable to a string of 12288 bytes triggers the overflow, potentially leading to a DoS or arbitrary code execution.

Description

Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Frank DENIS · textdosmultiple

https://www.exploit-db.com/exploits/21575

View Code ZIP pw:eip

The exploit describes an off-by-one buffer overflow vulnerability in mod_ssl for Apache when processing overly long entries in a .htaccess file. Specifically, setting the DATE_LOCALE variable to a string of 12288 bytes triggers the overflow, potentially leading to a DoS or arbitrary code execution.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Theoretical

Target: Apache with mod_ssl (versions affected by CVE-2002-0653)

No auth needed

Prerequisites: Apache with mod_ssl enabled · AllowOverride configuration enabled · Ability to upload or modify .htaccess file

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18

Core References

Broken Link vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2002-164.html

Broken Link vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9415.php

Broken Link vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2003-106.html

Broken Link vendor-advisory x_refsource_caldera

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-031.0.txt

Broken Link vendor-advisory x_refsource_conectiva

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000504

Broken Link vendor-advisory x_refsource_mandrake

http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-048.php

Broken Link vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2002_028_mod_ssl.html

Broken Link vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2002-134.html

Broken Link vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2002-136.html

Mailing List mailing-list x_refsource_vuln-dev

http://marc.info/?l=vuln-dev&m=102477330617604&w=2

Broken Link mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-06/0350.html

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5084

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=102513970919836&w=2

Broken Link vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2002-135.html

Broken Link vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2002-146.html

Broken Link vendor-advisory x_refsource_hp

http://archives.neohapsis.com/archives/hp/2002-q3/0018.html

Broken Link vendor-advisory x_refsource_debian

http://www.debian.org/security/2002/dsa-135

Mailing List, Patch vendor-advisory x_refsource_engarde

http://marc.info/?l=bugtraq&m=102563469326072&w=2

Scores

CVSS v3 7.8

EPSS 0.0110

EPSS Percentile 61.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-193

Status published

Products (1)

modssl/mod_ssl < 2.8.9

Published Jul 11, 2002

Tracked Since Feb 18, 2026