CVE-2008-0555

Apache-ssl - Authentication Bypass

Title source: rule

Description

The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.

References (10)

[Vendor Advisory] http://secunia.com/advisories/29644

[Exploit] http://www.apache-ssl.org/advisory-cve-2008-0555.txt

[Exploit] http://www.cynops.de/advisories/CVE-2008-0555.txt

[Exploit] http://www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt

[Patch] http://www.securityfocus.com/bid/28576

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019784

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41618

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/490386/100/0/threaded

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1079/references

[Third Party Advisory] http://securityreason.com/securityalert/3797

Scores

EPSS 0.0052

EPSS Percentile 66.6%

Classification

CWE

CWE-287 CWE-20

Status draft

Affected Products (1)

apache-ssl/apache-ssl

Timeline

Published Apr 04, 2008

Tracked Since Feb 18, 2026