CVE-2002-0082

Name of the Vulnerable Software and Affected Versions mod ssl versions prior to 2.8.7-1.3.23 Apache-SSL versions prior to 1.3.22+1.46

Description The issue arises from improper memory initialization in the dbm and shm session cache code, allowing remote attackers to execute arbitrary code via a buffer overflow. This can be achieved by using a large client certificate signed by a trusted Certificate Authority (CA), resulting in a large serialized session.

Recommendations For mod ssl versions prior to 2.8.7-1.3.23, update to version 2.8.7-1.3.23 or later. For Apache-SSL versions prior to 1.3.22+1.46, update to version 1.3.22+1.46 or later.