
CVE-2002-0082
Date: (C)2002-03-15   (M)2023-12-22


The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://online.securityfocus.com/archive/1/258646
http://marc.info/?l=bugtraq&m=101518491916936&w=2
http://marc.info/?l=bugtraq&m=101528358424306&w=2
BID-4189
CLA-2002:465
CSSA-2002-011.0
DSA-120
ESA-20020301-005
HPSBTL0203-031
HPSBUX0204-190
MDKSA-2002:020
RHSA-2002:041
RHSA-2002:042
RHSA-2002:045
SSRT0817
apache-modssl-bo(8308)
http://www.apacheweek.com/issues/02-03-01#security

© SecPod Technologies