Rapid7 Vulnerability & Exploit Database

SuSE: apache2-doc 2.0.48-152

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SuSE: apache2-doc 2.0.48-152

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

07/05/2005

Created

07/25/2018

Added

11/08/2005

Modified

11/18/2015

Description

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

Solution(s)

References

https://attackerkb.com/topics/cve-2005-1268
APPLE-SA-2005-11-29
14106
14366
15647
CVE - 2005-1268
CVE - 2005-2088
DSA-803
DSA-805
MDKSA-2005:129
OVAL11452
OVAL1237
OVAL1346
OVAL1526
OVAL1629
OVAL1714
OVAL1747
OVAL840
OVAL9589
RHSA-2005:582
SUSE-SA:2005:046
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://marc2.theaimsgroup.com/?l=apache-httpd-announce&m=112931556417329&w=3
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
http://www.apache.org/dist/httpd/CHANGES_1.3
http://www.apache.org/dist/httpd/CHANGES_2.0
http://www.frsirt.com/english/advisories/2005/2140
http://www.frsirt.com/english/advisories/2005/2659
http://www.frsirt.com/english/advisories/2006/0789
http://www.frsirt.com/english/advisories/2006/1018
http://www.novell.com/linux/download/updates/90_i386.html
http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://www.securityfocus.com/archive/1/archive/1/428138/100/0/threaded
http://www.ubuntu.com/usn/usn-160-2
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163013

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;