mod_ssl ssl_util_uuencode_binary Remote Overflow

High Nessus Plugin ID 12255


Arbitrary code can be executed on the remote host.


The remote host is using a version of mod_ssl that is older than 2.8.18.

This version is vulnerable to a flaw that could allow an attacker to disable the remote website remotely, or to execute arbitrary code on the remote host.

Note that several Linux distributions patched the old version of this module. Therefore, this alert might be a false-positive. Please check with your vendor to determine if you really are vulnerable to this flaw.


Upgrade to version 2.8.18 (Apache 1.3) or to Apache 2.0.50.

Plugin Details

Severity: High

ID: 12255

File Name: mod_ssl_uuencode_binary.nasl

Version: $Revision: 1.23 $

Type: remote

Family: Web Servers

Published: 2004/05/29

Modified: 2014/04/25

Dependencies: 12506, 10107

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Required KB Items: www/apache

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2004/05/17

Reference Information

CVE: CVE-2004-0488

BID: 10355

OSVDB: 6472