PT-2004-1923 · Apache+1 · Apache Mod Ssl+2
Published: 2004-10-01 · Updated: 2021-06-06
CVE-2004-0885
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Apache mod_ssl versions 2.0.35 through 2.0.52
Description:
When the "SSLCipherSuite" directive is used in directory or location context, remote clients can bypass the intended restrictions by using any cipher suite that the virtual host configuration allows.
Recommendations:
For Apache mod_ssl versions 2.0.35 through 2.0.52, consider restricting the use of the SSLCipherSuite directive to the server configuration level to prevent remote clients from bypassing intended restrictions. As a temporary workaround, review and restrict the allowed cipher suites in the virtual host configuration to minimize the risk of exploitation.
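A check for the condition this advisory describes, as an added example that is not part of the original advisory: it scans an Apache configuration for SSLCipherSuite directives placed inside per-directory containers. The sample configuration is constructed, `audit` is a hypothetical helper name, and the scan assumes one directive per line and does not follow Include files or .htaccess files.

```python
import re

# Constructed sample configuration for illustration (not from the advisory).
SAMPLE_CONF = """\
SSLCipherSuite HIGH:!aNULL
<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH
    <Location /admin>
        SSLCipherSuite HIGH
    </Location>
</VirtualHost>
"""

# Apache containers that put a directive in per-directory context.
PER_DIR = {"directory", "directorymatch", "location", "locationmatch",
           "files", "filesmatch"}
OPEN = re.compile(r"<\s*(\w+)\b([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")

def audit(conf_text):
    """Hypothetical helper: list (line_no, section, cipher_spec) for every
    SSLCipherSuite that sits inside a per-directory container."""
    stack, findings = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.fullmatch(line):
            if stack:
                stack.pop()
            continue
        m = OPEN.fullmatch(line)
        if m:
            stack.append((m.group(1), m.group(2).strip()))
            continue
        parts = line.split(None, 1)
        # Directive names are case-insensitive in Apache configuration.
        if parts[0].lower() == "sslciphersuite":
            scoped = [s for s in stack if s[0].lower() in PER_DIR]
            if scoped:
                name, arg = scoped[-1]
                spec = parts[1] if len(parts) > 1 else ""
                findings.append((no, f"<{name} {arg}>", spec))
    return findings

if __name__ == "__main__":
    for no, section, spec in audit(SAMPLE_CONF):
        print(f"line {no}: SSLCipherSuite {spec} inside {section}")
```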
Affected products
Apache HTTP Server
Apache mod_ssl
HP-UX