CVE-2002-0082
Published: Jun 25, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| CSSA-2002-011.0 | vendor-advisory | x_refsource_CALDERA |
| 4189 | vdb-entry | x_refsource_BID |
| RHSA-2002:045 | vendor-advisory | x_refsource_REDHAT |
| HPSBUX0204-190 | vendor-advisory | x_refsource_HP |
| 20020301 Apache-SSL buffer overflow (fix available) | mailing-list | x_refsource_BUGTRAQ |
| 20020227 mod_ssl Buffer Overflow Condition (Update Available) | mailing-list | x_refsource_BUGTRAQ |
| MDKSA-2002:020 | vendor-advisory | x_refsource_MANDRAKE |
| ESA-20020301-005 | vendor-advisory | x_refsource_ENGARDE |
| 20020304 Apache-SSL 1.3.22+1.47 - update to security fix | mailing-list | x_refsource_BUGTRAQ |
| RHSA-2002:042 | vendor-advisory | x_refsource_REDHAT |
| apache-modssl-bo(8308) | vdb-entry | x_refsource_XF |
| RHSA-2002:041 | vendor-advisory | x_refsource_REDHAT |
| http://www.apacheweek.com/issues/02-03-01#security | | x_refsource_CONFIRM |
| SSRT0817 | vendor-advisory | x_refsource_COMPAQ |
| CLA-2002:465 | vendor-advisory | x_refsource_CONECTIVA |
| HPSBTL0203-031 | vendor-advisory | x_refsource_HP |
| DSA-120 | vendor-advisory | x_refsource_DEBIAN |