Apache mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String

High Nessus Plugin ID 13651


The remote web server is using a module that is affected by a remote code execution vulnerability.


The remote host is running a vulnerable version of mod_ssl, one older than 2.8.19. There is a format string condition in the log functions of the remote module which may allow an attacker to execute arbitrary code on the remote host.

*** Some vendors patched older versions of mod_ssl, so this
*** might be a false positive. Check with your vendor to determine
*** if you have a version of mod_ssl that is patched for this
*** vulnerability


Upgrade to mod_ssl version 2.8.19 or newer.


Plugin Details

Severity: High

ID: 13651

File Name: mod_ssl_hook_functions_format_string_vuln.nasl

Version: $Revision: 1.23 $

Type: remote

Family: Web Servers

Published: 2004/07/16

Modified: 2013/05/28

Dependencies: 10107

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Required KB Items: www/apache

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2004/07/16

Reference Information

CVE: CVE-2004-0700

BID: 10736

OSVDB: 7929