MEDIUM
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt
http://marc.info/?l=bugtraq&m=105776593602600&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2003:075
http://www.redhat.com/support/errata/RHSA-2003-240.html
http://www.redhat.com/support/errata/RHSA-2003-243.html
http://www.redhat.com/support/errata/RHSA-2003-244.html
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A169
Source: MITRE
Published: 2003-08-18
Updated: 2018-05-03
Type: NVD-CWE-Other
Base Score: 6.4
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Impact Score: 4.9
Exploitability Score: 10
Severity: MEDIUM