PT-2002-1170 · Apache · Apache-Ssl+1

Published

2002-03-15

Updated

2016-10-18

CVE-2002-0082

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions mod ssl versions prior to 2.8.7-1.3.23 Apache-SSL versions prior to 1.3.22+1.46

Description The issue arises from improper memory initialization in the dbm and shm session cache code, allowing remote attackers to execute arbitrary code via a buffer overflow. This can be achieved by using a large client certificate signed by a trusted Certificate Authority (CA), resulting in a large serialized session.

Recommendations For mod ssl versions prior to 2.8.7-1.3.23, update to version 2.8.7-1.3.23 or later. For Apache-SSL versions prior to 1.3.22+1.46, update to version 1.3.22+1.46 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0082

Affected Products

Apache-Ssl

Mod Ssl

PT-2002-1170 · Apache · Apache-Ssl+1

CVE-2002-0082

Related Identifiers

Affected Products

References · 23