CVE-2004-0700
CVSS 7.5
Published: 2004-07-27 00:00:00
Last modified: 2016-10-17 22:48:00

[Original] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.


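[CNNVD] Oracle July 2005 Update Fixes Multiple Security Vulnerabilities (CNNVD-200407-089)

        Oracle Database is a commercial large-scale database system.
        Multiple vulnerabilities affect various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Workflow, Oracle Forms and Reports, Oracle JInitiator, Oracle Developer Suite and Oracle Express Server products.
        These vulnerabilities may be local or remote, affect all security properties of Oracle products, and may lead to attacks such as information disclosure or unauthorized privilege escalation.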
        

- CVSS (Base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected platforms and products)

cpe:/a:mod_ssl:mod_ssl:2.4.1
cpe:/a:mod_ssl:mod_ssl:2.5.0
cpe:/a:mod_ssl:mod_ssl:2.8.18
cpe:/a:mod_ssl:mod_ssl:2.4.0
cpe:/a:mod_ssl:mod_ssl:2.8.17
cpe:/a:mod_ssl:mod_ssl:2.8.16
cpe:/a:mod_ssl:mod_ssl:2.8.15
cpe:/a:mod_ssl:mod_ssl:2.8.14
cpe:/a:mod_ssl:mod_ssl:2.8.5.1
cpe:/a:mod_ssl:mod_ssl:2.4.10
cpe:/a:mod_ssl:mod_ssl:2.8.5.2
cpe:/a:mod_ssl:mod_ssl:2.4.3
cpe:/a:mod_ssl:mod_ssl:2.6.1
cpe:/a:mod_ssl:mod_ssl:2.7.0
cpe:/a:mod_ssl:mod_ssl:2.4.2
cpe:/a:mod_ssl:mod_ssl:2.5.1
cpe:/a:mod_ssl:mod_ssl:2.6.0
cpe:/a:mod_ssl:mod_ssl:2.4.5
cpe:/a:mod_ssl:mod_ssl:2.6.3
cpe:/a:mod_ssl:mod_ssl:2.8.1
cpe:/a:mod_ssl:mod_ssl:2.4.4
cpe:/a:mod_ssl:mod_ssl:2.6.2
cpe:/a:mod_ssl:mod_ssl:2.7.1
cpe:/a:mod_ssl:mod_ssl:2.8.0
cpe:/a:mod_ssl:mod_ssl:2.8.7
cpe:/a:mod_ssl:mod_ssl:2.8.6
cpe:/a:mod_ssl:mod_ssl:2.8.9
cpe:/a:mod_ssl:mod_ssl:2.8.8
cpe:/a:mod_ssl:mod_ssl:2.8.12
cpe:/a:mod_ssl:mod_ssl:2.8.10
cpe:/a:mod_ssl:mod_ssl:2.4.7
cpe:/a:mod_ssl:mod_ssl:2.6.5
cpe:/a:mod_ssl:mod_ssl:2.8.3
cpe:/a:mod_ssl:mod_ssl:2.4.6
cpe:/a:mod_ssl:mod_ssl:2.6.4
cpe:/a:mod_ssl:mod_ssl:2.8.2
cpe:/a:mod_ssl:mod_ssl:2.3.11
cpe:/a:mod_ssl:mod_ssl:2.4.9
cpe:/a:mod_ssl:mod_ssl:2.8.5
cpe:/a:mod_ssl:mod_ssl:2.4.8
cpe:/a:mod_ssl:mod_ssl:2.6.6
cpe:/a:mod_ssl:mod_ssl:2.8.4
cpe:/o:gentoo:linux:1.4 (Gentoo Linux 1.4)
cpe:/a:mod_ssl:mod_ssl:2.8.1.2

- OVAL (Technical details for detection)

No related OVAL definitions found.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0700
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0700
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-089
(Official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857
(UNKNOWN)  CONECTIVA  CLA-2004:857
http://marc.info/?l=apache-modssl&m=109001100906749&w=2
(UNKNOWN)  MLIST  [apache-modssl] 20040716 [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31
http://marc.info/?l=bugtraq&m=109005001205991&w=2
(UNKNOWN)  BUGTRAQ  20040716 [OpenPKG-SA-2004.032] OpenPKG Security Advisory (apache)
http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
(UNKNOWN)  MISC  http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
http://virulent.siyahsapka.org/
(UNKNOWN)  MISC  http://virulent.siyahsapka.org/
http://www.debian.org/security/2004/dsa-532
(UNKNOWN)  DEBIAN  DSA-532
http://www.kb.cert.org/vuls/id/303448
(VENDOR_ADVISORY)  CERT-VN  VU#303448
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075
(UNKNOWN)  MANDRAKE  MDKSA-2004:075
http://www.redhat.com/support/errata/RHSA-2004-405.html
(UNKNOWN)  REDHAT  RHSA-2004:405
http://www.redhat.com/support/errata/RHSA-2004-408.html
(UNKNOWN)  REDHAT  RHSA-2004:408
http://www.securityfocus.com/bid/10736
(UNKNOWN)  BID  10736
http://www.ubuntu.com/usn/usn-177-1
(UNKNOWN)  UBUNTU  USN-177-1
http://xforce.iss.net/xforce/xfdb/16705
(VENDOR_ADVISORY)  XF  apache-modssl-format-string(16705)
https://bugzilla.fedora.us/show_bug.cgi?id=1888
(UNKNOWN)  FEDORA  FLSA:1888

- Vulnerability information

Oracle July 2005 Update Fixes Multiple Security Vulnerabilities
High risk Unknown
2004-07-27 00:00:00 2005-10-20 00:00:00
Remote / Local

        Oracle Database is a commercial large-scale database system.
        Multiple vulnerabilities affect various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Workflow, Oracle Forms and Reports, Oracle JInitiator, Oracle Developer Suite and Oracle Express Server products.
        These vulnerabilities may be local or remote, affect all security properties of Oracle products, and may lead to attacks such as information disclosure or unauthorized privilege escalation.


- Advisories and patches

        Vendor patch:
        Oracle
        ------
        Oracle has released a security advisory (cpujul2005) and corresponding patches for this issue:
        cpujul2005: Critical Patch Update - July 2005
        Link:
        http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html

        Patch downloads:
        Oracle Database Server:

        http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=311062.1

        Oracle Application Server:

        http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=311038.1

        Oracle Collaboration Suite:

        http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=311039.1

        Oracle E-Business and Applications:

        http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=311040.1

        Oracle Enterprise Manager:

        http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=311061.1

- Vulnerability information

7929
Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
Local Access Required, Remote / Network Access, Local / Remote, Context Dependent Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

The mod_ssl ssl_log function in Apache contains a flaw that may allow an attacker to execute arbitrary messages. The issue is triggered due to a ssl_log() format string error within the 'mod_proxy' hook functions. It is possible that the flaw may allow an attacker to execute arbitrary messages via format string specifiers in certain log messages for HTTPS resulting in a loss of integrity.

- Timeline

2004-07-16 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.8.19 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Credit

- Vulnerability information

Apache 'mod_ssl' Log Function Format String Vulnerability
Input Validation Error 10736
Yes No
2004-07-16 12:00:00 2008-06-30 11:52:00
Discovery is credited to Virulent and Ralf S. Engelschall.

- Affected versions

VMWare ESX Server 2.1.2
VMWare ESX Server 2.1.1
VMWare ESX Server 2.1
VMWare ESX Server 2.0.1 build 6403
VMWare ESX Server 2.0.1
VMWare ESX Server 2.0 build 5257
VMWare ESX Server 2.0
VMWare ESX Server 1.5.2
RedHat Network Proxy (for RHEL 3) 4.2
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
Red Hat Network Proxy (for RHEL 4) 4.2
Oracle Oracle HTTP Server for Apps only 1.0.2 .1s
Oracle Oracle HTTP Server 9.2 .0
+ Apache Software Foundation Apache 1.3.22
Oracle Oracle HTTP Server 9.1
+ Apache Software Foundation Apache 1.3.12
Oracle Oracle HTTP Server 9.0.3 .1
+ Oracle Oracle9i Application Server 9.0.3 .1
Oracle Oracle HTTP Server 9.0.2 .3
+ Oracle Oracle9i Application Server 9.0.2 .3
Oracle Oracle HTTP Server 9.0.2
Oracle Oracle HTTP Server 9.0.1
Oracle Oracle HTTP Server 8.1.7
Oracle Oracle HTTP Server 1.0.2 .2 Roll up 2
Oracle Oracle HTTP Server 1.0.2 .2
Oracle Oracle HTTP Server 1.0.2 .1
Oracle Oracle HTTP Server 1.0.2 .0
Oracle HTTP Server for Server 9.2
Oracle HTTP Server for Server 9.0.1
Oracle HTTP Server for Server 8.1.7
mod_ssl mod_ssl 2.8.18
mod_ssl mod_ssl 2.8.17
mod_ssl mod_ssl 2.8.16
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
mod_ssl mod_ssl 2.8.15
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
mod_ssl mod_ssl 2.8.14
mod_ssl mod_ssl 2.8.12
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
mod_ssl mod_ssl 2.8.10
- Apache Software Foundation Apache 1.3.26
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Slackware Linux 8.1
mod_ssl mod_ssl 2.8.9
- Apache Software Foundation Apache 1.3.26
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ HP Secure OS software for Linux 1.0
+ Slackware Linux 8.1
mod_ssl mod_ssl 2.8.8
- Apache Software Foundation Apache 1.3.24
mod_ssl mod_ssl 2.8.7
+ Apache Software Foundation Apache 1.3.23
+ MandrakeSoft Multi Network Firewall 2.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
mod_ssl mod_ssl 2.8.6
+ Apache Software Foundation Apache 1.3.22
+ Apache Software Foundation Apache 1.3.20
+ Apache Software Foundation Apache 1.3.20
+ Apache Software Foundation Apache 1.3.19
+ Apache Software Foundation Apache 1.3.19
+ Apache Software Foundation Apache 1.3.18
+ Apache Software Foundation Apache 1.3.18
+ Apache Software Foundation Apache 1.3.17
+ Apache Software Foundation Apache 1.3.17
+ Apache Software Foundation Apache 1.3.16
+ Apache Software Foundation Apache 1.3.15
+ Apache Software Foundation Apache 1.3.14 Mac
+ Apache Software Foundation Apache 1.3.14
+ Apache Software Foundation Apache 1.3.14
+ Apache Software Foundation Apache 1.3.13
+ Apache Software Foundation Apache 1.3.12
+ Apache Software Foundation Apache 1.3.12
+ Apache Software Foundation Apache 1.3.11
+ Apache Software Foundation Apache 1.3.11
+ Apache Software Foundation Apache 1.3.9
+ Apache Software Foundation Apache 1.3.9
+ Apache Software Foundation Apache 1.3.7 -dev
+ Apache Software Foundation Apache 1.3.6
+ Apache Software Foundation Apache 1.3.4
+ Apache Software Foundation Apache 1.3.3
+ Apache Software Foundation Apache 1.3.1
+ Apache Software Foundation Apache 1.3
+ Apache Software Foundation Apache 1.2.5
+ Apache Software Foundation Apache 1.2
+ Compaq Compaq Secure Web Server for OpenVMS 1.2
+ Compaq Compaq Secure Web Server for OpenVMS 1.1 -1
+ Compaq Compaq Secure Web Server for OpenVMS 1.0 -1
+ Compaq Compaq Secure Web Server for Tru64 5.5.2
mod_ssl mod_ssl 2.8.5 -2
- Apache Software Foundation Apache 1.3.22
mod_ssl mod_ssl 2.8.5 -1
mod_ssl mod_ssl 2.8.5
mod_ssl mod_ssl 2.8.4
+ Apache Software Foundation Apache 1.3.22
+ Apache Software Foundation Apache 1.3.20
+ Apache Software Foundation Apache 1.3.20
+ Apache Software Foundation Apache 1.3.19
+ Apache Software Foundation Apache 1.3.19
+ Apache Software Foundation Apache 1.3.18
+ Apache Software Foundation Apache 1.3.18
+ Apache Software Foundation Apache 1.3.17
+ Apache Software Foundation Apache 1.3.17
+ Apache Software Foundation Apache 1.3.16
+ Apache Software Foundation Apache 1.3.15
+ Apache Software Foundation Apache 1.3.14 Mac
+ Apache Software Foundation Apache 1.3.14
+ Apache Software Foundation Apache 1.3.14
+ Apache Software Foundation Apache 1.3.13
+ Apache Software Foundation Apache 1.3.12
+ Apache Software Foundation Apache 1.3.12
+ Apache Software Foundation Apache 1.3.11
+ Apache Software Foundation Apache 1.3.11
+ Apache Software Foundation Apache 1.3.9
+ Apache Software Foundation Apache 1.3.9
+ Apache Software Foundation Apache 1.3.7 -dev
+ Apache Software Foundation Apache 1.3.6
+ Apache Software Foundation Apache 1.3.4
+ Apache Software Foundation Apache 1.3.3
+ Apache Software Foundation Apache 1.3.1
+ Apache Software Foundation Apache 1.3
+ Apache Software Foundation Apache 1.2.5
+ Apache Software Foundation Apache 1.2
+ MandrakeSoft Single Network Firewall 7.2
+ Slackware Linux 8.1
mod_ssl mod_ssl 2.8.3
+ Apache Software Foundation Apache 1.3.22
+ Apache Software Foundation Apache 1.3.20
+ Apache Software Foundation Apache 1.3.20
+ Apache Software Foundation Apache 1.3.19
+ Apache Software Foundation Apache 1.3.19
+ Apache Software Foundation Apache 1.3.18
+ Apache Software Foundation Apache 1.3.18
+ Apache Software Foundation Apache 1.3.17
+ Apache Software Foundation Apache 1.3.17
+ Apache Software Foundation Apache 1.3.16
+ Apache Software Foundation Apache 1.3.15
+ Apache Software Foundation Apache 1.3.14 Mac
+ Apache Software Foundation Apache 1.3.14
+ Apache Software Foundation Apache 1.3.14
+ Apache Software Foundation Apache 1.3.13
+ Apache Software Foundation Apache 1.3.12
+ Apache Software Foundation Apache 1.3.12
+ Apache Software Foundation Apache 1.3.11
+ Apache Software Foundation Apache 1.3.11
+ Apache Software Foundation Apache 1.3.9
+ Apache Software Foundation Apache 1.3.9
+ Apache Software Foundation Apache 1.3.7 -dev
+ Apache Software Foundation Apache 1.3.6
+ Apache Software Foundation Apache 1.3.4
+ Apache Software Foundation Apache 1.3.3
+ Apache Software Foundation Apache 1.3.1
+ Apache Software Foundation Apache 1.3
+ Apache Software Foundation Apache 1.2.5
+ Apache Software Foundation Apache 1.2
mod_ssl mod_ssl 2.8.2
+ Apache Software Foundation Apache 1.3.22
+ Apache Software Foundation Apache 1.3.20
+ Apache Software Foundation Apache 1.3.20
+ Apache Software Foundation Apache 1.3.19
+ Apache Software Foundation Apache 1.3.19
+ Apache Software Foundation Apache 1.3.18
+ Apache Software Foundation Apache 1.3.18
+ Apache Software Foundation Apache 1.3.17
+ Apache Software Foundation Apache 1.3.17
+ Apache Software Foundation Apache 1.3.16
+ Apache Software Foundation Apache 1.3.15
+ Apache Software Foundation Apache 1.3.14 Mac
+ Apache Software Foundation Apache 1.3.14
+ Apache Software Foundation Apache 1.3.14
+ Apache Software Foundation Apache 1.3.13
+ Apache Software Foundation Apache 1.3.12
+ Apache Software Foundation Apache 1.3.12
+ Apache Software Foundation Apache 1.3.11
+ Apache Software Foundation Apache 1.3.11
+ Apache Software Foundation Apache 1.3.9
+ Apache Software Foundation Apache 1.3.9
+ Apache Software Foundation Apache 1.3.7 -dev
+ Apache Software Foundation Apache 1.3.6
+ Apache Software Foundation Apache 1.3.4
+ Apache Software Foundation Apache 1.3.3
+ Apache Software Foundation Apache 1.3.1
+ Apache Software Foundation Apache 1.3
+ Apache Software Foundation Apache 1.2.5
+ Apache Software Foundation Apache 1.2
mod_ssl mod_ssl 2.8.1 -2
+ Apache Software Foundation Apache 1.3.19
mod_ssl mod_ssl 2.8.1
+ Apache Software Foundation Apache 1.3.22
+ Apache Software Foundation Apache 1.3.20
+ Apache Software Foundation Apache 1.3.20
+ Apache Software Foundation Apache 1.3.19
+ Apache Software Foundation Apache 1.3.19
+ Apache Software Foundation Apache 1.3.18
+ Apache Software Foundation Apache 1.3.18
+ Apache Software Foundation Apache 1.3.17
+ Apache Software Foundation Apache 1.3.17
+ Apache Software Foundation Apache 1.3.16
+ Apache Software Foundation Apache 1.3.15
+ Apache Software Foundation Apache 1.3.14 Mac
+ Apache Software Foundation Apache 1.3.14
+ Apache Software Foundation Apache 1.3.14
+ Apache Software Foundation Apache 1.3.13
+ Apache Software Foundation Apache 1.3.12
+ Apache Software Foundation Apache 1.3.12
+ Apache Software Foundation Apache 1.3.11
+ Apache Software Foundation Apache 1.3.11
+ Apache Software Foundation Apache 1.3.9
+ Apache Software Foundation Apache 1.3.9
+ Apache Software Foundation Apache 1.3.7 -dev
+ Apache Software Foundation Apache 1.3.6
+ Apache Software Foundation Apache 1.3.4
+ Apache Software Foundation Apache 1.3.3
+ Apache Software Foundation Apache 1.3.1
+ Apache Software Foundation Apache 1.3
+ Apache Software Foundation Apache 1.2.5
+ Apache Software Foundation Apache 1.2
+ RedHat Secure Web Server 3.2 i386
mod_ssl mod_ssl 2.8
mod_ssl mod_ssl 2.7.1
+ Apache Software Foundation Apache 1.3.22
+ Apache Software Foundation Apache 1.3.20
+ Apache Software Foundation Apache 1.3.19
+ Apache Software Foundation Apache 1.3.18
+ Apache Software Foundation Apache 1.3.17
+ Apache Software Foundation Apache 1.3.14
+ Apache Software Foundation Apache 1.3.12
+ Apache Software Foundation Apache 1.3.11
+ Apache Software Foundation Apache 1.3.9
+ Apache Software Foundation Apache 1.3.4
+ Apache Software Foundation Apache 1.3.3
+ Apache Software Foundation Apache 1.3.1
+ Apache Software Foundation Apache 1.3
+ Apache Software Foundation Apache 1.2.5
+ Apache Software Foundation Apache 1.2
+ EnGarde Secure Linux 1.0.1
mod_ssl mod_ssl 2.7 .0
- Apache Software Foundation Apache 1.3.14
mod_ssl mod_ssl 2.6.6
+ Apache Software Foundation Apache 1.3.12
mod_ssl mod_ssl 2.6.5
+ Apache Software Foundation Apache 1.3.12
mod_ssl mod_ssl 2.6.4
mod_ssl mod_ssl 2.6.3
+ Apache Software Foundation Apache 1.3.12
mod_ssl mod_ssl 2.6.2
+ Apache Software Foundation Apache 1.3.12
mod_ssl mod_ssl 2.6.1
+ Apache Software Foundation Apache 1.3.12
mod_ssl mod_ssl 2.6 .0
+ Apache Software Foundation Apache 1.3.12
mod_ssl mod_ssl 2.5.1
+ Apache Software Foundation Apache 1.3.11
mod_ssl mod_ssl 2.5 .0
+ Apache Software Foundation Apache 1.3.11
mod_ssl mod_ssl 2.4.10
+ Apache Software Foundation Apache 1.3.22
+ Apache Software Foundation Apache 1.3.20
+ Apache Software Foundation Apache 1.3.19
+ Apache Software Foundation Apache 1.3.18
+ Apache Software Foundation Apache 1.3.17
+ Apache Software Foundation Apache 1.3.14
+ Apache Software Foundation Apache 1.3.12
+ Apache Software Foundation Apache 1.3.11
+ Apache Software Foundation Apache 1.3.9
+ Apache Software Foundation Apache 1.3.4
+ Apache Software Foundation Apache 1.3.3
+ Apache Software Foundation Apache 1.3.1
+ Apache Software Foundation Apache 1.3
+ Apache Software Foundation Apache 1.2.5
+ Apache Software Foundation Apache 1.2
mod_ssl mod_ssl 2.4.9
+ Apache Software Foundation Apache 1.3.9
mod_ssl mod_ssl 2.4.8
+ Apache Software Foundation Apache 1.3.9
mod_ssl mod_ssl 2.4.7
+ Apache Software Foundation Apache 1.3.9
mod_ssl mod_ssl 2.4.6
+ Apache Software Foundation Apache 1.3.9
mod_ssl mod_ssl 2.4.5
+ Apache Software Foundation Apache 1.3.9
mod_ssl mod_ssl 2.4.4
mod_ssl mod_ssl 2.4.3
+ Apache Software Foundation Apache 1.3.9
mod_ssl mod_ssl 2.4.2
+ Apache Software Foundation Apache 1.3.9
mod_ssl mod_ssl 2.4.1
mod_ssl mod_ssl 2.4 .10
+ Apache Software Foundation Apache 1.3.9
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
mod_ssl mod_ssl 2.4 .0
mod_ssl mod_ssl 2.3.11
+ Apache Software Foundation Apache 1.3.6
HP Webproxy A.02.10
+ HP HP-UX B.11.04
HP Webproxy A.02.00
HP VirtualVault A.04.70
+ HP HP-UX B.11.04
HP VirtualVault A.04.60
+ HP HP-UX B.11.04
HP VirtualVault A.04.50
+ HP HP-UX B.11.04
HP HP-UX 11.22
HP HP-UX 11.20
HP HP-UX 11.11
HP HP-UX 11.0 4
HP HP-UX 11.0
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.00
Gentoo Linux 1.4
Conectiva Linux 8.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Converged Communications Server 2.0
Apache Software Foundation Apache 2.0.50
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
Apache Software Foundation Apache 2.0.49
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.48
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.45
- Apple Mac OS X 10.2.6
- Apple Mac OS X 10.2.5
- Apple Mac OS X 10.2.4
- Apple Mac OS X 10.2.3
- Apple Mac OS X 10.2.2
- Apple Mac OS X 10.2.1
- Apple Mac OS X 10.2
- Apple Mac OS X 10.1.5
- Apple Mac OS X 10.1.4
- Apple Mac OS X 10.1.3
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
+ Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0
+ Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28 Beta
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0 a9
Apache Software Foundation Apache 2.0
mod_ssl mod_ssl 2.8.19
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1

- Unaffected versions

mod_ssl mod_ssl 2.8.19
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1

- Discussion

The 'mod_ssl' module is affected by a format-string vulnerability within its logging function. This issue occurs because the application fails to properly implement a formatted-string function.

Successful exploits will most likely allow an attacker to gain control of the execution flow of the affected process and run arbitrary code on the affected computer, but this has not been confirmed.

- Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Fixes are available. Please see the references for more information.


VMWare ESX Server 2.0.1

VMWare ESX Server 2.1

VMWare ESX Server 2.1.2

mod_ssl mod_ssl 2.3.11

mod_ssl mod_ssl 2.4 .10

mod_ssl mod_ssl 2.4.10

mod_ssl mod_ssl 2.4.2

mod_ssl mod_ssl 2.4.3

mod_ssl mod_ssl 2.4.5

mod_ssl mod_ssl 2.4.6

mod_ssl mod_ssl 2.4.7

mod_ssl mod_ssl 2.4.8

mod_ssl mod_ssl 2.4.9

mod_ssl mod_ssl 2.5 .0

mod_ssl mod_ssl 2.5.1

mod_ssl mod_ssl 2.6 .0

mod_ssl mod_ssl 2.6.1

mod_ssl mod_ssl 2.6.2

mod_ssl mod_ssl 2.6.3

mod_ssl mod_ssl 2.6.5

mod_ssl mod_ssl 2.6.6

mod_ssl mod_ssl 2.7 .0

mod_ssl mod_ssl 2.7.1

mod_ssl mod_ssl 2.8.1

mod_ssl mod_ssl 2.8.1 -2

mod_ssl mod_ssl 2.8.10

mod_ssl mod_ssl 2.8.12

mod_ssl mod_ssl 2.8.15

mod_ssl mod_ssl 2.8.16

mod_ssl mod_ssl 2.8.17

mod_ssl mod_ssl 2.8.2

mod_ssl mod_ssl 2.8.3

mod_ssl mod_ssl 2.8.4

mod_ssl mod_ssl 2.8.5 -2

mod_ssl mod_ssl 2.8.6

mod_ssl mod_ssl 2.8.7

mod_ssl mod_ssl 2.8.8

mod_ssl mod_ssl 2.8.9

- References
