Apache-SSL Environment Variables Manipulation

high Log Correlation Engine Plugin ID 800570

Synopsis

The remote web server is prone to a memory disclosure / privilege escalation attack.

Description

According to its banner, the version of Apache-SSL installed on the remote host is older than apache_1.3.41+ssl_1.59. Such versions fail to properly sanitize certificate data before using it to populate environment variables. By sending a client certificate with special characters for the subject, a remote attacker can overwrite certain environment variables used by the web server, resulting in memory disclosure or potential privilege escalation in a web application.

Solution

Upgrade to apache_1.3.41+ssl_1.59 or higher.

See Also

https://www.cynops.de/advisories/CVE-2008-0555.txt

archives.neohapsis.com/archives/bugtraq/2008-04/0022.html

http://www.apache-ssl.org/advisory-cve-2008-0555.txt

Plugin Details

Severity: High

ID: 800570

Family: Web Servers

Nessus ID: 31738

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Reference Information

CVE: CVE-2008-0555

BID: 28576