This script is Copyright (C) 2008-2012 Tenable Network Security, Inc.
The remote web server is prone to a memory disclosure / privilege
According to its banner, the version of Apache-SSL installed on the
remote host is older than apache_1.3.41+ssl_1.59. Such versions fail
to properly sanitize certificate data before using it to populate
environment variables. By sending a client certificate with special
characters for the subject, a remote attacker can overwrite certain
environment variables used by the web server, resulting in memory
disclosure or potential privilege escalation in a web application.
See also :
Upgrade to apache_1.3.41+ssl_1.59 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 31738 (apache_ssl_env_var_manipulation.nasl)
Bugtraq ID: 28576
CVE ID: CVE-2008-0555
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.