Description:
The remote host is missing updates announced in advisory FLSA-2004:1888.
A stack buffer overflow was discovered in mod_ssl which can be triggered if using the FakeBasicAuth option. If mod_ssl is sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow can occur if FakeBasicAuth has been enabled. In order to exploit this issue the carefully crafted malicious certificate would have to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0488 to this issue.
A format string issue was discovered in mod_ssl for Apache 1.3 which can be triggered if mod_ssl is configured to allow a client to proxy to remote SSL sites. In order to exploit this issue, a user who is authorized to use Apache as a proxy would have to attempt to connect to a carefully crafted hostname via SSL. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0700 to this issue.
All users of the Apache HTTP Server are advised to upgrade to these erratum packages, which contain a backported fix and are not vulnerable to these issues.
Affected platforms: Redhat 7.3
Solution: https://secure1.securityspace.com/smysecure/catid.html?in=FLSA-2004:1888
Risk factor: High
CVSS Score: 7.5