Computer Security
[EN] no-pyccku

Apache-SSL multiple security vulnerabilities
SecurityVulns ID:8856
Threat Level:
Description:Multiple vulnerabilities on environment variable initialization from client certificates data.
CVE:CVE-2008-0555 (The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.)
Original documentdocumentAdam Laurie, ANNOUNCE: Apache-SSL security release - apache_1.3.41+ssl_1.59 (02.04.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod