Computer Security
[EN] securityvulns.ru no-pyccku


Apache-SSL multiple security vulnerabilities
Published:02.04.2008
Source:
SecurityVulns ID:8856
Type:remote
Threat Level:
6/10
Description:Multiple vulnerabilities on environment variable initialization from client certificates data.
CVE:CVE-2008-0555 (The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.)
Original documentdocumentAdam Laurie, ANNOUNCE: Apache-SSL security release - apache_1.3.41+ssl_1.59 (02.04.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod