Action not permitted
Modal body text goes here.
rhsa-2004_139
Vulnerability from csaf_redhat
Published
2004-03-17 17:20
Modified
2024-11-21 23:00
Summary
Red Hat Security Advisory: apache, openssl security update for Stronghold
Notes
Topic
Updated versions of Stronghold 4 cross-platform are available that fix
security issues affecting OpenSSL and the Apache HTTP Server. A number
of bug fixes are also included.
Details
Stronghold 4 contains a number of open source technologies, including
OpenSSL 0.9.6 and the Apache HTTP Server.
Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can
lead to a denial of service attack (infinite loop). The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0081 to this issue.
Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a null-pointer assignment in the do_change_cipher_spec() function
in OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could
send a carefully crafted SSL/TLS handshake which could lead to a denial of
service attack. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0079 to this issue.
Testing performed by Novell using a test suite provided by NISCC uncovered
an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l
which could cause large recursion and possibly lead to a denial of service
attack if used where stack space is limited. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851
to this issue.
An issue in the handling of regular expressions from configuration files
was discovered in releases of the Apache HTTP Server version 1.3 prior to
1.3.29. To exploit this issue an attacker would need to have the ability
to write to Apache configuration files such as .htaccess or httpd.conf. A
carefully-crafted configuration file can cause an exploitable buffer
overflow and would allow the attacker to execute arbitrary code in the
context of the server. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0542 to this issue.
Users of Stronghold 4 cross-platform are advised to update to these errata
versions, which contain backported security fixes and are not vulnerable to
these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated versions of Stronghold 4 cross-platform are available that fix\nsecurity issues affecting OpenSSL and the Apache HTTP Server. A number\nof bug fixes are also included.", "title": "Topic" }, { "category": "general", "text": "Stronghold 4 contains a number of open source technologies, including\nOpenSSL 0.9.6 and the Apache HTTP Server.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can\nlead to a denial of service attack (infinite loop). The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0081 to this issue.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a null-pointer assignment in the do_change_cipher_spec() function\nin OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could\nsend a carefully crafted SSL/TLS handshake which could lead to a denial of\nservice attack. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0079 to this issue.\n\nTesting performed by Novell using a test suite provided by NISCC uncovered\nan issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l\nwhich could cause large recursion and possibly lead to a denial of service\nattack if used where stack space is limited. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851\nto this issue.\n\nAn issue in the handling of regular expressions from configuration files\nwas discovered in releases of the Apache HTTP Server version 1.3 prior to\n1.3.29. To exploit this issue an attacker would need to have the ability\nto write to Apache configuration files such as .htaccess or httpd.conf. A\ncarefully-crafted configuration file can cause an exploitable buffer\noverflow and would allow the attacker to execute arbitrary code in the\ncontext of the server. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0542 to this issue.\n\nUsers of Stronghold 4 cross-platform are advised to update to these errata\nversions, which contain backported security fixes and are not vulnerable to\nthese issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2004:139", "url": "https://access.redhat.com/errata/RHSA-2004:139" }, { "category": "external", "summary": "http://www.niscc.gov.uk/", "url": "http://www.niscc.gov.uk/" }, { "category": "external", "summary": "http://www.codenomicon.com/testtools/tls/", "url": "http://www.codenomicon.com/testtools/tls/" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_139.json" } ], "title": "Red Hat Security Advisory: apache, openssl security update for Stronghold", "tracking": { "current_release_date": "2024-11-21T23:00:35+00:00", "generator": { "date": "2024-11-21T23:00:35+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2004:139", "initial_release_date": "2004-03-17T17:20:00+00:00", "revision_history": [ { "date": "2004-03-17T17:20:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2004-03-17T00:00:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-21T23:00:35+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Stronghold 4", "product": { "name": "Red Hat Stronghold 4", "product_id": "Red Hat Stronghold 4", "product_identification_helper": { "cpe": "cpe:/a:redhat:stronghold:4" } } } ], "category": "product_family", "name": "Stronghold Cross Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2003-0542", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1617048" } ], "notes": [ { "category": "description", "text": "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "Red Hat Stronghold 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2003-0542" }, { "category": "external", "summary": "RHBZ#1617048", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617048" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0542", "url": "https://www.cve.org/CVERecord?id=CVE-2003-0542" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0542", "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0542" } ], "release_date": "2003-10-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2004-03-17T17:20:00+00:00", "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4", "product_ids": [ "Red Hat Stronghold 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2004:139" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "security flaw" }, { "cve": "CVE-2003-0851", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1617090" } ], "notes": [ { "category": "description", "text": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "Red Hat Stronghold 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2003-0851" }, { "category": "external", "summary": "RHBZ#1617090", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617090" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0851", "url": "https://www.cve.org/CVERecord?id=CVE-2003-0851" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851", "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851" } ], "release_date": "2003-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2004-03-17T17:20:00+00:00", "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4", "product_ids": [ "Red Hat Stronghold 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2004:139" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "security flaw" }, { "cve": "CVE-2004-0079", "discovery_date": "2004-03-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1617140" } ], "notes": [ { "category": "description", "text": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "Red Hat Stronghold 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0079" }, { "category": "external", "summary": "RHBZ#1617140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617140" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0079", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0079" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0079", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0079" } ], "release_date": "2004-03-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2004-03-17T17:20:00+00:00", "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4", "product_ids": [ "Red Hat Stronghold 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2004:139" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "security flaw" }, { "cve": "CVE-2004-0081", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1617142" } ], "notes": [ { "category": "description", "text": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "Red Hat Stronghold 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0081" }, { "category": "external", "summary": "RHBZ#1617142", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617142" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0081", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0081" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081" } ], "release_date": "2004-03-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2004-03-17T17:20:00+00:00", "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4", "product_ids": [ "Red Hat Stronghold 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2004:139" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "security flaw" } ] }
cve-2004-0081
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9899", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9899" }, { "name": "ESA-20040317-003", "tags": [ "vendor-advisory", "x_refsource_ENGARDE", "x_transferred" ], "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2" }, { "name": "RHSA-2004:121", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "CLA-2004:834", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "name": "20040304-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc" }, { "name": "openssl-tls-dos(15509)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "FEDORA-2004-095", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "name": "57524", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "oval:org.mitre.oval:def:871", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871" }, { "name": "oval:org.mitre.oval:def:11755", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755" }, { "name": "VU#465542", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/465542" }, { "name": "TA04-078A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "GLSA-200403-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "11139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "RHSA-2004:119", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html" }, { "name": "oval:org.mitre.oval:def:902", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902" }, { "name": "RHSA-2004:139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "name": "2004-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "name": "DSA-465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-465" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9899", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9899" }, { "name": "ESA-20040317-003", "tags": [ "vendor-advisory", "x_refsource_ENGARDE" ], "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2" }, { "name": "RHSA-2004:121", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "CLA-2004:834", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "name": "20040304-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc" }, { "name": "openssl-tls-dos(15509)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "FEDORA-2004-095", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "name": "57524", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "oval:org.mitre.oval:def:871", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871" }, { "name": "oval:org.mitre.oval:def:11755", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755" }, { "name": "VU#465542", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/465542" }, { "name": "TA04-078A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "GLSA-200403-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "11139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "RHSA-2004:119", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html" }, { "name": "oval:org.mitre.oval:def:902", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902" }, { "name": "RHSA-2004:139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "name": "2004-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "name": "DSA-465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-465" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0081", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9899", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9899" }, { "name": "ESA-20040317-003", "refsource": "ENGARDE", "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2" }, { "name": "RHSA-2004:121", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "CLA-2004:834", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "name": "20040304-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc" }, { "name": "openssl-tls-dos(15509)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509" }, { "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", "refsource": "MISC", "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "FEDORA-2004-095", "refsource": "FEDORA", "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "name": "57524", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "oval:org.mitre.oval:def:871", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871" }, { "name": "oval:org.mitre.oval:def:11755", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755" }, { "name": "VU#465542", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/465542" }, { "name": "TA04-078A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "GLSA-200403-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "11139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "RHSA-2004:119", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html" }, { "name": "oval:org.mitre.oval:def:902", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902" }, { "name": "RHSA-2004:139", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "name": "2004-0012", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "name": "DSA-465", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-465" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0081", "datePublished": "2004-03-18T05:00:00", "dateReserved": "2004-01-19T00:00:00", "dateUpdated": "2024-08-08T00:01:23.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0851
Vulnerability from cvelistv5
Published
2003-11-06 05:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:5528", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528" }, { "name": "FEDORA-2005-1042", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html" }, { "name": "20040304-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc" }, { "name": "17381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17381" }, { "name": "NetBSD-SA2004-003", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc" }, { "name": "20030930 SSL Implementation Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml" }, { "name": "8970", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8970" }, { "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2" }, { "name": "RHSA-2004:119", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20031104.txt" }, { "name": "VU#412478", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/412478" }, { "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-11-04T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:5528", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528" }, { "name": "FEDORA-2005-1042", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html" }, { "name": "20040304-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc" }, { "name": "17381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17381" }, { "name": "NetBSD-SA2004-003", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc" }, { "name": "20030930 SSL Implementation Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml" }, { "name": "8970", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8970" }, { "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2" }, { "name": "RHSA-2004:119", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20031104.txt" }, { "name": "VU#412478", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/412478" }, { "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0851", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:5528", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528" }, { "name": "FEDORA-2005-1042", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html" }, { "name": "20040304-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc" }, { "name": "17381", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17381" }, { "name": "NetBSD-SA2004-003", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc" }, { "name": "20030930 SSL Implementation Vulnerabilities", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml" }, { "name": "8970", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8970" }, { "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2" }, { "name": "RHSA-2004:119", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html" }, { "name": "http://www.openssl.org/news/secadv_20031104.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20031104.txt" }, { "name": "VU#412478", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/412478" }, { "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0851", "datePublished": "2003-11-06T05:00:00", "dateReserved": "2003-10-10T00:00:00", "dateUpdated": "2024-08-08T02:05:12.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0542
Vulnerability from cvelistv5
Published
2003-10-30 05:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:11.064Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040202-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" }, { "name": "RHSA-2004:015", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-015.html" }, { "name": "10112", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10112" }, { "name": "VU#434566", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/434566" }, { "name": "10593", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10593" }, { "name": "MDKSA-2003:103", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103" }, { "name": "RHSA-2003:360", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-360.html" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpd.apache.org/dist/httpd/Announcement2.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "name": "APPLE-SA-2004-01-26", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html" }, { "name": "SCOSA-2004.6", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt" }, { "name": "RHSA-2003:405", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-405.html" }, { "name": "oval:org.mitre.oval:def:3799", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3799" }, { "name": "9504", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9504" }, { "name": "20031028 [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/342674" }, { "name": "20031203-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc" }, { "name": "oval:org.mitre.oval:def:9458", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9458" }, { "name": "10102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10102" }, { "name": "apache-modalias-modrewrite-bo(13400)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13400" }, { "name": "HPSBUX0311-301", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/advisories/6079" }, { "name": "RHSA-2005:816", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html" }, { "name": "10153", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10153" }, { "name": "10098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10098" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "10264", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10264" }, { "name": "oval:org.mitre.oval:def:864", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A864" }, { "name": "10580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10580" }, { "name": "101841", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1" }, { "name": "RHSA-2003:320", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-320.html" }, { "name": "101444", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1" }, { "name": "10260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10260" }, { "name": "10463", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10463" }, { "name": "20031031 GLSA: apache (200310-04)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106761802305141\u0026w=2" }, { "name": "VU#549142", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/549142" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "name": "10096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10096" }, { "name": "10114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10114" }, { "name": "8911", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8911" }, { "name": "oval:org.mitre.oval:def:863", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A863" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:09:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040202-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" }, { "name": "RHSA-2004:015", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-015.html" }, { "name": "10112", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10112" }, { "name": "VU#434566", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/434566" }, { "name": "10593", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10593" }, { "name": "MDKSA-2003:103", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103" }, { "name": "RHSA-2003:360", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-360.html" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://httpd.apache.org/dist/httpd/Announcement2.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "name": "APPLE-SA-2004-01-26", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html" }, { "name": "SCOSA-2004.6", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt" }, { "name": "RHSA-2003:405", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-405.html" }, { "name": "oval:org.mitre.oval:def:3799", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3799" }, { "name": "9504", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9504" }, { "name": "20031028 [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/342674" }, { "name": "20031203-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc" }, { "name": "oval:org.mitre.oval:def:9458", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9458" }, { "name": "10102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10102" }, { "name": "apache-modalias-modrewrite-bo(13400)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13400" }, { "name": "HPSBUX0311-301", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/advisories/6079" }, { "name": "RHSA-2005:816", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html" }, { "name": "10153", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10153" }, { "name": "10098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10098" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "10264", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10264" }, { "name": "oval:org.mitre.oval:def:864", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A864" }, { "name": "10580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10580" }, { "name": "101841", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1" }, { "name": "RHSA-2003:320", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-320.html" }, { "name": "101444", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1" }, { "name": "10260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10260" }, { "name": "10463", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10463" }, { "name": "20031031 GLSA: apache (200310-04)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106761802305141\u0026w=2" }, { "name": "VU#549142", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/549142" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "name": "10096", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10096" }, { "name": "10114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10114" }, { "name": "8911", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8911" }, { "name": "oval:org.mitre.oval:def:863", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A863" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0542", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040202-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" }, { "name": "RHSA-2004:015", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-015.html" }, { "name": "10112", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10112" }, { "name": "VU#434566", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/434566" }, { "name": "10593", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10593" }, { "name": "MDKSA-2003:103", "refsource": "MANDRAKE", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103" }, { "name": "RHSA-2003:360", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-360.html" }, { "name": "SSRT090208", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "http://httpd.apache.org/dist/httpd/Announcement2.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/dist/httpd/Announcement2.html" }, { "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html", "refsource": "CONFIRM", "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "name": "APPLE-SA-2004-01-26", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html" }, { "name": "SCOSA-2004.6", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt" }, { "name": "RHSA-2003:405", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-405.html" }, { "name": "oval:org.mitre.oval:def:3799", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3799" }, { "name": "9504", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9504" }, { "name": "20031028 [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/342674" }, { "name": "20031203-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc" }, { "name": "oval:org.mitre.oval:def:9458", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9458" }, { "name": "10102", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10102" }, { "name": "apache-modalias-modrewrite-bo(13400)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13400" }, { "name": "HPSBUX0311-301", "refsource": "HP", "url": "http://www.securityfocus.com/advisories/6079" }, { "name": "RHSA-2005:816", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html" }, { "name": "10153", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10153" }, { "name": "10098", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10098" }, { "name": "HPSBOV02683", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "10264", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10264" }, { "name": "oval:org.mitre.oval:def:864", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A864" }, { "name": "10580", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10580" }, { "name": "101841", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1" }, { "name": "RHSA-2003:320", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-320.html" }, { "name": "101444", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1" }, { "name": "10260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10260" }, { "name": "10463", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10463" }, { "name": "20031031 GLSA: apache (200310-04)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106761802305141\u0026w=2" }, { "name": "VU#549142", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/549142" }, { "name": "http://docs.info.apple.com/article.html?artnum=61798", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "name": "10096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10096" }, { "name": "10114", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10114" }, { "name": "8911", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8911" }, { "name": "oval:org.mitre.oval:def:863", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A863" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0542", "datePublished": "2003-10-30T05:00:00", "dateReserved": "2003-07-14T00:00:00", "dateUpdated": "2024-08-08T01:58:11.064Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0079
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.689Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9899", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9899" }, { "name": "FEDORA-2005-1042", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html" }, { "name": "ESA-20040317-003", "tags": [ "vendor-advisory", "x_refsource_ENGARDE", "x_transferred" ], "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "name": "SSRT4717", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2" }, { "name": "RHSA-2004:121", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "MDKSA-2004:023", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" }, { "name": "oval:org.mitre.oval:def:2621", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621" }, { "name": "CLA-2004:834", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "name": "17381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17381" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "FEDORA-2004-095", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "name": "oval:org.mitre.oval:def:9779", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779" }, { "name": "oval:org.mitre.oval:def:975", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975" }, { "name": "57524", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "SuSE-SA:2004:007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20040317.txt" }, { "name": "FreeBSD-SA-04:05", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc" }, { "name": "NetBSD-SA2004-005", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" }, { "name": "O-101", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" }, { "name": "TA04-078A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "17401", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17401" }, { "name": "RHSA-2005:829", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm" }, { "name": "oval:org.mitre.oval:def:870", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870" }, { "name": "RHSA-2005:830", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html" }, { "name": "GLSA-200403-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "11139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "17398", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17398" }, { "name": "SSA:2004-077", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961" }, { "name": "RHSA-2004:139", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "name": "openssl-dochangecipherspec-dos(15505)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505" }, { "name": "2004-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "name": "VU#288574", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/288574" }, { "name": "DSA-465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-465" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "18247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18247" }, { "name": "oval:org.mitre.oval:def:5770", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9899", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9899" }, { "name": "FEDORA-2005-1042", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html" }, { "name": "ESA-20040317-003", "tags": [ "vendor-advisory", "x_refsource_ENGARDE" ], "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "name": "SSRT4717", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2" }, { "name": "RHSA-2004:121", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "MDKSA-2004:023", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" }, { "name": "oval:org.mitre.oval:def:2621", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621" }, { "name": "CLA-2004:834", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "name": "17381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17381" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "FEDORA-2004-095", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "name": "oval:org.mitre.oval:def:9779", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779" }, { "name": "oval:org.mitre.oval:def:975", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975" }, { "name": "57524", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "SuSE-SA:2004:007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20040317.txt" }, { "name": "FreeBSD-SA-04:05", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc" }, { "name": "NetBSD-SA2004-005", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" }, { "name": "O-101", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" }, { "name": "TA04-078A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "17401", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17401" }, { "name": "RHSA-2005:829", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm" }, { "name": "oval:org.mitre.oval:def:870", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870" }, { "name": "RHSA-2005:830", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html" }, { "name": "GLSA-200403-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "11139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US" }, { "name": "APPLE-SA-2005-08-15", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "17398", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17398" }, { "name": "SSA:2004-077", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961" }, { "name": "RHSA-2004:139", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "name": "openssl-dochangecipherspec-dos(15505)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505" }, { "name": "2004-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "name": "VU#288574", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/288574" }, { "name": "DSA-465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-465" }, { "name": "APPLE-SA-2005-08-17", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "18247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18247" }, { "name": "oval:org.mitre.oval:def:5770", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0079", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9899", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9899" }, { "name": "FEDORA-2005-1042", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html" }, { "name": "ESA-20040317-003", "refsource": "ENGARDE", "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html" }, { "name": "SSRT4717", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2" }, { "name": "RHSA-2004:121", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" }, { "name": "MDKSA-2004:023", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" }, { "name": "oval:org.mitre.oval:def:2621", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621" }, { "name": "CLA-2004:834", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834" }, { "name": "SCOSA-2004.10", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" }, { "name": "17381", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17381" }, { "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", "refsource": "MISC", "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" }, { "name": "FEDORA-2004-095", "refsource": "FEDORA", "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml" }, { "name": "oval:org.mitre.oval:def:9779", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779" }, { "name": "oval:org.mitre.oval:def:975", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975" }, { "name": "57524", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" }, { "name": "SuSE-SA:2004:007", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" }, { "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html", "refsource": "CONFIRM", "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" }, { "name": "http://www.openssl.org/news/secadv_20040317.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20040317.txt" }, { "name": "FreeBSD-SA-04:05", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc" }, { "name": "NetBSD-SA2004-005", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" }, { "name": "O-101", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" }, { "name": "TA04-078A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" }, { "name": "17401", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17401" }, { "name": "RHSA-2005:829", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm" }, { "name": "oval:org.mitre.oval:def:870", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870" }, { "name": "RHSA-2005:830", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html" }, { "name": "GLSA-200403-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" }, { "name": "11139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11139" }, { "name": "RHSA-2004:120", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" }, { "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2" }, { "name": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US", "refsource": "CONFIRM", "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US" }, { "name": "APPLE-SA-2005-08-15", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" }, { "name": "17398", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17398" }, { "name": "SSA:2004-077", "refsource": "SLACKWARE", "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961" }, { "name": "RHSA-2004:139", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html" }, { "name": "openssl-dochangecipherspec-dos(15505)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505" }, { "name": "2004-0012", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2004/0012" }, { "name": "20040317 Cisco OpenSSL Implementation Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" }, { "name": "http://docs.info.apple.com/article.html?artnum=61798", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=61798" }, { "name": "VU#288574", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/288574" }, { "name": "DSA-465", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-465" }, { "name": "APPLE-SA-2005-08-17", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" }, { "name": "18247", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18247" }, { "name": "oval:org.mitre.oval:def:5770", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0079", "datePublished": "2004-03-18T05:00:00", "dateReserved": "2004-01-19T00:00:00", "dateUpdated": "2024-08-08T00:01:23.689Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.