Apache mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.

Synopsis :

The remote web server is using a module that is affected by a remote
code execution vulnerability.

Description :

The remote host is using a vulnerable version of mod_ssl, one that is
older than 2.8.19. There is a format string condition in the log
functions of the remote module which may allow an attacker to execute
arbitrary code on the remote host.

*** Some vendors patched older versions of mod_ssl, so this
*** might be a false positive. Check with your vendor to determine
*** if you have a version of mod_ssl that is patched for this
*** vulnerability.

Solution :

Upgrade to mod_ssl version 2.8.19 or newer

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 13651

Bugtraq ID: 10736

CVE ID: CVE-2004-0700