Summary
The remote host is using a version of mod_ssl which is older than 2.8.10.
This version is vulnerable to an off-by-one buffer overflow which may allow a user with write access to .htaccess files to execute arbitrary code on the system with the permissions of the web server.
Note that several Linux distributions (such as Red Hat) patched the old version of this module. Therefore, this might be a false positive. Please check with your vendor to determine if you really are vulnerable to this flaw.
Solution
Upgrade to mod_ssl version 2.8.10 or newer.
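To triage this finding across an inventory, the version test can be reproduced offline. The following is an added example, not the scanner's own check or code from the original advisory: it assumes the version appears in the HTTP `Server` header as a `mod_ssl/<version>` token, the function names are hypothetical, and the sample banners are constructed. It compares versions numerically (a string comparison ranks 2.8.9 above 2.8.10) and reports older versions as "verify" rather than "vulnerable", because of the vendor backports noted above.

```python
import re

# First fixed mod_ssl release, taken from the advisory text above.
FIXED = (2, 8, 10)

# Assumption: the banner carries a "mod_ssl/<dotted version>" token.
MOD_SSL_RE = re.compile(r"\bmod_ssl/(\d+(?:\.\d+)*)")


def parse_mod_ssl_version(banner):
    """Return the mod_ssl version in a Server header as a tuple of ints, or None."""
    match = MOD_SSL_RE.search(banner)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def assess(banner):
    """Classify a banner as 'fixed', 'verify' or 'unknown'.

    'verify' means the advertised version is older than 2.8.10; the host may
    still carry a vendor backport, so confirm against the package changelog.
    'unknown' means no mod_ssl token was advertised (module absent or banner
    trimmed), which says nothing about whether the host is affected.
    """
    version = parse_mod_ssl_version(banner)
    if version is None:
        return "unknown"
    # Pad both tuples to equal length so "2.8" is compared as 2.8.0.
    width = max(len(version), len(FIXED))
    padded = version + (0,) * (width - len(version))
    fixed = FIXED + (0,) * (width - len(FIXED))
    return "fixed" if padded >= fixed else "verify"


# Constructed sample banners, not taken from real hosts.
SAMPLE_BANNERS = [
    "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6d",
    "Apache/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6d",
    "Apache/1.3.23 (Unix) (Red-Hat/Linux) mod_ssl/2.8.7 OpenSSL/0.9.6b",
    "Apache",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{assess(banner):8} {banner}")
```

For hosts reported as "verify" on a distribution that backports fixes, check the vendor advisory for CVE-2002-0653 against the installed package release rather than the upstream version number.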
Severity
Classification
- CVE: CVE-2002-0653
- CVSS Base Score: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P