Apache-SSL < 1.3.23+1.46 i2d_SSL_SESSION Function SSL Client Certificate Overflow

Severity: High | Nessus Plugin ID: 10918

Synopsis

The remote web server is vulnerable to a buffer overflow attack.

Description

The remote host is running a version of Apache-SSL older than 1.3.22+1.46. Such versions are vulnerable to a buffer overflow that, although difficult to exploit, may allow an attacker to execute arbitrary commands on this host with the privileges of the web server process.

Solution

Upgrade to Apache-SSL version 1.3.23+1.47 or later. [Note that the vulnerability was initially addressed in 1.3.23+1.46 but that version had a bug.]

See Also

http://www.apache-ssl.org/advisory-20020301.txt

https://seclists.org/bugtraq/2002/Feb/376

https://seclists.org/bugtraq/2002/Mar/64

https://seclists.org/bugtraq/2002/Mar/76

Plugin Details

Severity: High

ID: 10918

File Name: apache_ssl_overflow.nasl

Version: 1.31

Type: remote

Family: Web Servers

Published: 3/19/2002

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache-ssl:apache-ssl

Required KB Items: installed_sw/Apache

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2/27/2002

Reference Information

CVE: CVE-2002-0082

BID: 4189