Apache mod_ssl ssl_compat_directive Function Overflow

This script is Copyright (C) 2002-2014 Thomas Reinke

Synopsis :

The remote web server is using a module that is affected by a remote
code execution vulnerability.

Description :

The remote host is using a version of mod_ssl that is older than

This version is vulnerable to an off-by-one buffer overflow that could
allow a user with write access to .htaccess files to execute arbitrary
code on the system with permissions of the web server.

Note that several Linux distributions (such as RedHat) patched the old
version of this module. Therefore, this might be a false positive.
Please check with your vendor to determine if you really are vulnerable
to this flaw.

Solution :

Upgrade to mod_ssl version 2.8.10 or newer.

Risk factor :

Medium / CVSS Base Score : 4.6
CVSS Temporal Score : 3.4
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 11039

Bugtraq ID: 5084

CVE ID: CVE-2002-0653