Apache mod_ssl ssl_compat_directive Function Overflow

medium Nessus Plugin ID 11039

Synopsis

The remote web server is using a module that is affected by a remote code execution vulnerability.

Description

The remote host is using a version of mod_ssl that is older than 2.8.10.

This version is vulnerable to an off-by-one buffer overflow that could allow a user with write access to .htaccess files to execute arbitrary code on the system with permissions of the web server.

*** Note that several Linux distributions (such as RedHat) *** patched the old version of this module. Therefore, this *** might be a false positive. Please check with your vendor *** to determine if you really are vulnerable to this flaw

Solution

Upgrade to mod_ssl version 2.8.10 or newer.

See Also

https://marc.info/?l=vuln-dev&m=102477330617604&w=2

https://marc.info/?l=bugtraq&m=102513970919836&w=2

Plugin Details

Severity: Medium

ID: 11039

File Name: mod_ssl_offby1.nasl

Version: 1.34

Type: remote

Family: Web Servers

Published: 7/2/2002

Updated: 5/28/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mod_ssl:mod_ssl

Required KB Items: Settings/ParanoidReport, www/apache

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 6/24/2002

Reference Information

CVE: CVE-2002-0653

BID: 5084

SuSE: SUSE-SA:2002:028