CVE-2002-0082

Опубликовано: 15 мар. 2002

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache-ssl:apache-ssl:1.40:*:*:*:*:*:*:*

cpe:2.3:a:apache-ssl:apache-ssl:1.41:*:*:*:*:*:*:*

cpe:2.3:a:apache-ssl:apache-ssl:1.42:*:*:*:*:*:*:*

cpe:2.3:a:apache-ssl:apache-ssl:1.44:*:*:*:*:*:*:*

cpe:2.3:a:apache-ssl:apache-ssl:1.45:*:*:*:*:*:*:*

cpe:2.3:a:apache-ssl:apache-ssl:1.46:*:*:*:*:*:*:*

cpe:2.3:a:mod_ssl:mod_ssl:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mod_ssl:mod_ssl:2.8:*:*:*:*:*:*:*

cpe:2.3:a:mod_ssl:mod_ssl:2.8.1:*:*:*:*:*:*:*

cpe:2.3:a:mod_ssl:mod_ssl:2.8.2:*:*:*:*:*:*:*

cpe:2.3:a:mod_ssl:mod_ssl:2.8.3:*:*:*:*:*:*:*

cpe:2.3:a:mod_ssl:mod_ssl:2.8.4:*:*:*:*:*:*:*

cpe:2.3:a:mod_ssl:mod_ssl:2.8.5:*:*:*:*:*:*:*

cpe:2.3:a:mod_ssl:mod_ssl:2.8.6:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03721

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2002-0082

redhat

больше 23 лет назад

GHSA-4fj5-x3ch-mc34

github

больше 3 лет назад