mod_ssl ssl_util_uuencode_binary Remote Overflow

Severity: High; Nessus Plugin ID: 12255

Synopsis

Arbitrary code can be executed on the remote host.

Description

The remote host is using a version of mod_ssl that is older than 2.8.18.

This version is vulnerable to a flaw that could allow a remote attacker to disable the website or to execute arbitrary code on the host.

Note that several Linux distributions patched the old version of this module, so this alert might be a false positive. Check with your vendor to determine whether you really are vulnerable to this flaw.

Solution

Upgrade to mod_ssl 2.8.18 (for Apache 1.3) or to Apache 2.0.50.

Plugin Details

Severity: High

ID: 12255

File Name: mod_ssl_uuencode_binary.nasl

Version: 1.24

Type: remote

Family: Web Servers

Published: 5/29/2004

Updated: 7/14/2018

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

Required KB Items: www/apache

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/17/2004

Reference Information

CVE: CVE-2004-0488

BID: 10355