FreeBSD : apache13-modssl -- format string vulnerability in proxy support (18974c8a-1fbd-11d9-814e-0001020eed82)
High Nessus Plugin ID 36579
The remote FreeBSD host is missing one or more security-related updates.
A OpenPKG Security Advisory reports : Triggered by a report to Packet Storm from Virulent, a format string vulnerability was found in mod_ssl, the Apache SSL/TLS interface to OpenSSL, version (up to and including) 2.8.18 for Apache 1.3. The mod_ssl in Apache 2.x is not affected. The vulnerability could be exploitable if Apache is used as a proxy for HTTPS URLs and the attacker established a own specially prepared DNS and origin server environment.