CVE-2004-0885high
Description
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
References
http://www.redhat.com/support/errata/RHSA-2004-600.html
http://www.apacheweek.com/features/security-20
http://issues.apache.org/bugzilla/show_bug.cgi?id=31505
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://www.ubuntu.com/usn/usn-177-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
http://secunia.com/advisories/19072
http://www.redhat.com/support/errata/RHSA-2004-562.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
http://www.securityfocus.com/bid/11360
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.vupen.com/english/advisories/2006/0789
http://marc.info/?l=bugtraq&m=109786159119069&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/17671
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10384
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
Details
Source: MITRE
Published: 2004-11-03
Updated: 2021-06-06
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH