FreeBSD : apache -- Certificate Revocation List (CRL) off-by-one vulnerability (e936d612-253f-11da-bc01-000e0c2e438a)
Medium Nessus Plugin ID 21529
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionMarc Stern reports an off-by-one vulnerability in within mod_ssl. The vulnerability lies in mod_ssl's Certificate Revocation List (CRL). If Apache is configured to use a CRL this could allow an attacker to crash a child process causing a Denial of Service.
SolutionUpdate the affected package.