CVE-2004-0488

Apache HTTP Server 2.0.35-2.0.49 - Remote Code Execution via SSL Client Certificate Subject DN

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

References (31)

Core 31
Core References
Broken Link vendor-advisory x_refsource_trustix
http://www.trustix.net/errata/2004/0031/
Broken Link vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2004:054
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-342.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2004-245.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200406-05.xml
Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108567431823750&w=2
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-405.html
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=109215056218824&w=2
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-816.html
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=109181600614477&w=2
Third Party Advisory mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021610.html
Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10355
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-532
Broken Link, Issue Tracking vendor-advisory x_refsource_fedora
https://bugzilla.fedora.us/show_bug.cgi?id=1888
Broken Link vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2004:055
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16214
Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108619129727620&w=2

Scores

EPSS 0.3768
EPSS Percentile 98.4%

Details

CWE
CWE-787
Status published
Products (4)
apache/http_server 2.0.35 - 2.0.50
debian/debian_linux 3.0
redhat/enterprise_linux_server 2.0
redhat/enterprise_linux_workstation 2.0
Published Jul 07, 2004
Tracked Since Feb 18, 2026