Apache mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow

High Nessus Plugin ID 10888


The remote web server module has a buffer overflow vulnerability.


According to the web server banner, the remote host is using a vulnerable version of mod_ssl. This version has a buffer overflow vulnerability. A remote attacker could exploit this issue to execute arbitrary code.

Some vendors patched older versions of mod_ssl, so this might be a false positive. Check with your vendor to determine if you have a version of mod_ssl that is patched for this vulnerability.


Upgrade to mod_ssl 2.8.7 or later.


Plugin Details

Severity: High

ID: 10888

File Name: mod_ssl_overflow.nasl

Version: $Revision: 1.30 $

Type: remote

Family: Web Servers

Published: 2002/03/08

Modified: 2017/09/28

Dependencies: 10107, 10386, 17975

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport, www/apache

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2002/02/27

Reference Information

CVE: CVE-2002-0082

BID: 4189

OSVDB: 756