CVE-2004-0885

high

Description

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

References

http://www.redhat.com/support/errata/RHSA-2004-600.html

http://www.apacheweek.com/features/security-20

http://issues.apache.org/bugzilla/show_bug.cgi?id=31505

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123

http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

http://www.ubuntu.com/usn/usn-177-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

http://secunia.com/advisories/19072

http://www.redhat.com/support/errata/RHSA-2004-562.html

http://www.redhat.com/support/errata/RHSA-2005-816.html

http://www.securityfocus.com/bid/11360

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

http://www.redhat.com/support/errata/RHSA-2008-0261.html

http://www.vupen.com/english/advisories/2006/0789

http://marc.info/?l=bugtraq&m=109786159119069&w=2

https://exchange.xforce.ibmcloud.com/vulnerabilities/17671

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10384

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2004-11-03

Updated: 2021-06-06

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH