Mod_ssl Off By One Network Vulnerability

Summary

The remote host is using a version of mod_ssl which is older than 2.8.10. This version is vulnerable to an off by one buffer overflow which may allow a user with write access to .htaccess files to execute arbitrary code on the system with permissions of the web server. *** Note that several Linux distributions (such as RedHat) *** patched the old version of this module. Therefore, this *** might be a false positive. Please check with your vendor *** to determine if you really are vulnerable to this flaw

Solution

Upgrade to version 2.8.10 or newer

Severity

Classification

CVE CVE-2002-0653
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011
Apache HTTP Server Scoreboard Security Bypass Vulnerability (Windows)
Acritum Femitter Server URI Directory Traversal Vulnerability
Lighttpd Trailing Slash Information Disclosure Vulnerability

mod_ssl off by one

Take action and discover your vulnerabilities