Summary
The remote host is using a version of mod_ssl older than 2.8.10.
This version is vulnerable to an off-by-one buffer overflow that may allow a user with write access to .htaccess files to execute arbitrary code on the system with the permissions of the web server.
Note that several Linux distributions (such as RedHat) patched the old version of this module. Therefore, this might be a false positive. Please check with your vendor to determine if you really are vulnerable to this flaw.
Solution
Upgrade to version 2.8.10 or newer.
Severity
Classification
- CVE: CVE-2002-0653
- CVSS Base Score: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- IBM WebSphere Application Server (WAS) XSS and CSRF Vulnerabilities
- Check for IIS .cnf file leakage
- Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
- GoAhead WebServer Script Source Code Disclosure
- JBoss Enterprise Application Platform Multiple Vulnerabilities