Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2004-0885 | First vendor Publication | 2004-11-03 |
| Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0885 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10384 | |||
| Oval ID: | oval:org.mitre.oval:def:10384 | ||
| Title: | The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | ||
| Description: | The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0885 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-10-10 | Name : SLES9: Security update for apache2 File : nvt/sles9p5009713.nasl |
| 2009-10-10 | Name : SLES9: Security update for apache File : nvt/sles9p5014050.nasl |
| 2009-05-05 | Name : HP-UX Update for HP-UX Pkg HPSBUX01123 File : nvt/gb_hp_ux_HPSBUX01123.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200410-21 (apache) File : nvt/glsa_200410_21.nasl |
| 2008-09-04 | Name : FreeBSD Ports: ru-apache+mod_ssl File : nvt/freebsd_ru-apache+mod_ssl.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php File : nvt/esoft_slk_ssa_2004_299_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 10637 | Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass Apache mod_ssl SSL CipherSuite contains a flaw that may allow a malicious user to bypass SSL CipherSuite access restrictions. The issue is triggered when the SSL CipherSuite directive is used with a directory context to require a restricted set of cipher suites. An attacker can use an alternate ciphersuite possibly allowing them to bypass access restrictions resulting in a loss of confidentiality and/or integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0523.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4238151d207a11d9bfe20090962cff2a.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-177-1.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2005-007.nasl - Type : ACT_GATHER_INFO |
| 2005-08-08 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33075.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-299-01.nasl - Type : ACT_GATHER_INFO |
| 2004-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-600.nasl - Type : ACT_GATHER_INFO |
| 2004-12-02 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd20041202.nasl - Type : ACT_GATHER_INFO |
| 2004-11-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-420.nasl - Type : ACT_GATHER_INFO |
| 2004-11-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-562.nasl - Type : ACT_GATHER_INFO |
| 2004-11-02 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-122.nasl - Type : ACT_GATHER_INFO |
| 2004-10-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200410-21.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote host is using an unsupported version of Mac OS X. File : macosx_version.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2023-11-07 21:48:09 |
|
| 2021-06-06 17:23:04 |
|
| 2021-05-04 12:02:42 |
|
| 2021-04-22 01:02:54 |
|
| 2021-03-30 17:22:46 |
|
| 2020-05-23 00:15:54 |
|
| 2019-08-27 12:01:25 |
|
| 2017-10-11 09:23:23 |
|
| 2017-07-11 12:01:31 |
|
| 2016-10-18 12:01:23 |
|
| 2016-04-26 12:53:53 |
|
| 2014-02-17 10:28:05 |
|
| 2013-05-11 11:43:15 |
|
