PT-2004-1923 · Apache · Apache mod_ssl

Published: 2004-10-01 · Updated: 2021-06-06 · CVE-2004-0885

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Apache mod_ssl versions 2.0.35 through 2.0.52

Description: When the "SSLCipherSuite" directive is used in directory or location context, remote clients can bypass the intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

Recommendations: For Apache mod_ssl versions 2.0.35 through 2.0.52, consider restricting the use of the SSLCipherSuite directive to the server configuration level so that remote clients cannot bypass the intended restrictions. As a temporary workaround, review and restrict the cipher suites allowed in the virtual host configuration to minimize the risk of exploitation.
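
To support the review recommended above, the following added example (not part of the original advisory or of Apache's own tooling) scans httpd configuration text and separates SSLCipherSuite directives placed in directory or location context from those at server or virtual host level. The function name and the sample configuration are constructed for illustration; .htaccess files and Include directives are not followed.

```python
import re

# Containers that put the enclosed directives in directory/location context.
PER_DIR = {"directory", "directorymatch", "location", "locationmatch", "files", "filesmatch"}
OPEN = re.compile(r"^<\s*([A-Za-z]+)\b([^>]*)>$")
CLOSE = re.compile(r"^</\s*([A-Za-z]+)\s*>$")

def audit_cipher_suite_context(conf_text):
    """Return (per_dir, server_level) lists of (line_no, context, value)."""
    stack, per_dir, server_level = [], [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := CLOSE.match(line):
            if stack and stack[-1][0] == m.group(1).lower():
                stack.pop()
            continue
        if m := OPEN.match(line):
            stack.append((m.group(1).lower(), m.group(2).strip()))
            continue
        parts = line.split(None, 1)
        if parts[0].lower() != "sslciphersuite":
            continue
        value = parts[1] if len(parts) > 1 else ""
        ctx = " > ".join(f"{n} {a}".strip() for n, a in stack) or "server"
        if any(n in PER_DIR for n, _ in stack):
            per_dir.append((no, ctx, value))      # restriction the advisory says can be bypassed
        else:
            server_level.append((no, ctx, value))  # set that clients can actually negotiate
    return per_dir, server_level

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT
    <Location /admin>
        SSLCipherSuite HIGH:!aNULL
    </Location>
</VirtualHost>
"""

if __name__ == "__main__":
    flagged, baseline = audit_cipher_suite_context(SAMPLE_CONF)
    for no, ctx, value in flagged:
        print(f"line {no}: SSLCipherSuite {value!r} in per-directory context [{ctx}]")
    for no, ctx, value in baseline:
        print(f"line {no}: cipher suites allowed at [{ctx}]: {value!r}")
```

Each flagged entry is a restriction to move to the server configuration level; each baseline entry is a list to tighten as the temporary workaround.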

Fix


Related Identifiers

CVE-2004-0885
HPSBUX01123
RHSA-2004:562
RHSA-2008:0261
RHSA-2008:0523
RHSA-2008:0524

Affected Products

Apache HTTP Server
Apache mod_ssl
HP-UX