CVE-2004-0700

critical

Description

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/16705

https://bugzilla.fedora.us/show_bug.cgi?id=1888

http://www.ubuntu.com/usn/usn-177-1

http://www.securityfocus.com/bid/10736

http://www.redhat.com/support/errata/RHSA-2004-408.html

http://www.redhat.com/support/errata/RHSA-2004-405.html

http://www.osvdb.org/7929

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075

http://www.kb.cert.org/vuls/id/303448

http://www.debian.org/security/2004/dsa-532

http://virulent.siyahsapka.org/

http://packetstormsecurity.org/0407-advisories/modsslFormat.txt

http://marc.info/?l=bugtraq&m=109005001205991&w=2

http://marc.info/?l=apache-modssl&m=109001100906749&w=2

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857

Details

Source: Mitre, NVD

Published: 2004-07-27

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical