Summary
Detail | |||
---|---|---|---|
Vendor | Mod Ssl | First view | 2002-11-04 |
Product | Mod Ssl | Last view | 2004-07-27 |
Version | 2.5.0 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:mod_ssl:mod_ssl |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2004-07-27 | CVE-2004-0700 | Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function. |
7.5 | 2002-11-04 | CVE-2002-1157 | Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840. |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
7929 | Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Fo... |
2107 | Apache HTTP Server mod_ssl Host: Header XSS |
OpenVAS Exploits
id | Description |
---|---|
2008-09-04 | Name : FreeBSD Ports: apache+mod_ssl File : nvt/freebsd_apache+mod_ssl.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 181-1 (libapache-mod-ssl) File : nvt/deb_181_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 532-1 (libapache-mod-ssl) File : nvt/deb_532_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 532-2 (libapache-mod-ssl) File : nvt/deb_532_2.nasl |
2005-11-03 | Name : mod_ssl hook functions format string vulnerability File : nvt/mod_ssl_hook_functions_format_string_vuln.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Apache mod_ssl hook functions format string attempt RuleID : 15980 - Type : SERVER-APACHE - Revision : 7 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2013-01-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0523.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_18974c8a1fbd11d9814e0001020eed82.nasl - Type: ACT_GATHER_INFO |
2006-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-177-1.nasl - Type: ACT_GATHER_INFO |
2004-09-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-181.nasl - Type: ACT_GATHER_INFO |
2004-09-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-532.nasl - Type: ACT_GATHER_INFO |
2004-09-09 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2004-408.nasl - Type: ACT_GATHER_INFO |
2004-07-31 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2002-072.nasl - Type: ACT_GATHER_INFO |
2004-07-31 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2004-075.nasl - Type: ACT_GATHER_INFO |
2004-07-16 | Name: The remote web server is using a module that is affected by a remote code exe... File: mod_ssl_hook_functions_format_string_vuln.nasl - Type: ACT_GATHER_INFO |
2004-07-06 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2002-251.nasl - Type: ACT_GATHER_INFO |
2003-05-12 | Name: The remote web server module has a cross-site scripting vulnerability. File: mod_ssl_wildcard_dns_xss.nasl - Type: ACT_GATHER_INFO |