| VID |
22272 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The remote Web server is using a version of the Apache mod_ssl module older than 2.8.19. The mod_ssl module for Apache HTTP Server is vulnerable to a format string vulnerability, caused by a flaw in the way the ssl_log() function of the mod_ssl module handles hostnames. By supplying a specially crafted hostname value in an HTTPS request such as 'https://foo%s.example.com/', where a hostname 'foo%s' exists in the 'example.com' zone, an unauthenticated attacker could remotely exploit this vulnerability. Successful exploitation could cause arbitrary code to be executed on the affected system.
* Note: This check relies solely on the banner of the remote Web server to assess this vulnerability. Several Linux distributions have patched older versions of the mod_ssl module, so this might be a false positive. Please contact your vendor to determine whether your Web server really is vulnerable to this flaw. If the server has already been patched, or the vendor reports that it is not vulnerable, ignore this alert.
* References: http://www.kb.cert.org/vuls/id/303448 http://www.securitytracker.com/alerts/2004/Jul/1010717.html
* Platforms Affected: Versions prior to Mod_SSL 2.8.19 - Apache 1.3.31; Apache HTTP Server, any version; Mandrake Linux, any version; Debian Linux, any version; Gentoo Linux, any version; Apple Mac OS X, any version; Conectiva Linux, any version; Trustix Secure Linux, any version; HP Secure OS software for Linux; Caldera OpenLinux Workstation, Server, any version; Compaq Compaq Secure Web Server for OpenVMS and Tru64 |
| Recommendation |
Upgrade to the latest version of Apache and mod_ssl (mod_ssl 2.8.19 for Apache 1.3.31 or later), available from the mod_ssl Web site at http://www.modssl.org/ |
| Related URL |
CVE-2004-0700 (CVE) |
| Related URL |
10736 (SecurityFocus) |
| Related URL |
(ISS) |
|
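
The banner-only assessment described in the note above, sketched as an added example (not the scanner's own code). The `Server` header strings are constructed samples, and the result labels `review`, `not-flagged` and `unknown` are names chosen here.

```python
import re

# First fixed mod_ssl release, taken from the advisory text above.
FIXED = (2, 8, 19)

# Matches the "mod_ssl/<version>" product token in a Server header.
_TOKEN = re.compile(r"\bmod_ssl/(\d+(?:\.\d+)*)")


def modssl_version(server_header):
    """Return the advertised mod_ssl version as a tuple of ints, or None."""
    match = _TOKEN.search(server_header or "")
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def assess(server_header):
    """Classify a Server banner for this check.

    'review'      -> banner advertises mod_ssl older than 2.8.19; a vendor
                     backport may already contain the fix, so confirm the
                     installed package before treating it as vulnerable.
    'not-flagged' -> banner advertises 2.8.19 or later.
    'unknown'     -> no mod_ssl token (for example with ServerTokens Prod);
                     the banner alone says nothing either way.
    """
    version = modssl_version(server_header)
    if version is None:
        return "unknown"
    # Compare numerically: as strings, "2.8.9" would sort after "2.8.19".
    padded = version + (0,) * (len(FIXED) - len(version))
    return "review" if padded < FIXED else "not-flagged"


# Constructed sample banners, not captured from real hosts.
SAMPLES = [
    "Apache/1.3.29 (Unix) mod_ssl/2.8.16 OpenSSL/0.9.7c",
    "Apache/1.3.26 (Debian GNU/Linux) mod_ssl/2.8.9 OpenSSL/0.9.6g",
    "Apache/1.3.31 (Unix) mod_ssl/2.8.19 OpenSSL/0.9.7d",
    "Apache",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{assess(banner):12} {banner}")
```

A `review` result is a prompt to check the installed package and the vendor's changelog for the CVE-2004-0700 fix, since the banner does not reflect backported patches.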