CVE-2004-0885

Critical

Description

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10384

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

https://exchange.xforce.ibmcloud.com/vulnerabilities/17671

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123

http://www.vupen.com/english/advisories/2006/0789

http://www.ubuntu.com/usn/usn-177-1

http://www.securityfocus.com/bid/11360

http://www.redhat.com/support/errata/RHSA-2008-0261.html

http://www.redhat.com/support/errata/RHSA-2005-816.html

http://www.redhat.com/support/errata/RHSA-2004-600.html

http://www.redhat.com/support/errata/RHSA-2004-562.html

http://www.apacheweek.com/features/security-20

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

http://secunia.com/advisories/19072

http://marc.info/?l=bugtraq&m=109786159119069&w=2

http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

http://issues.apache.org/bugzilla/show_bug.cgi?id=31505

Details

Source: Mitre, NVD

Published: 2004-11-03

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical