- Home
- Vulnerability & Exploit Database
- Vulnerabilities
Rapid7 Vulnerability & Exploit Database
SuSE: apache2-mod_php4 4.3.8-8.14
Free InsightVM Trial
No credit card necessary
Watch Demo
See how it all works
SuSE: apache2-mod_php4 4.3.8-8.14
10
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
01/10/2005
07/25/2018
11/08/2005
11/18/2015
Description
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
Solution(s)
References
- https://attackerkb.com/topics/cve-2004-0806
- APPLE-SA-2005-06-08
- APPLE-SA-2005-08-15
- APPLE-SA-2005-08-17
- APPLE-SA-2005-11-29
- 11075
- 11360
- 13024
- 13993
- 14011
- 14088
- 14106
- 14110
- 14366
- 14560
- 14583
- 14584
- 14588
- 14620
- 14660
- 14721
- 14963
- 14977
- 15035
- 15071
- 15102
- 15408
- 15647
- 16248
- 16663
- 17038
- 17058
- 17192
- 24799
- 29011
- 9933
- TA06-081A
- 700326
- 744929
- 834865
- Q-151
- CVE - 2004-0806
- CVE - 2004-0885
- CVE - 2004-0942
- CVE - 2004-1019
- CVE - 2004-1065
- CVE - 2004-1834
- CVE - 2004-2069
- CVE - 2005-0524
- CVE - 2005-0525
- CVE - 2005-1038
- CVE - 2005-1042
- CVE - 2005-1043
- CVE - 2005-1268
- CVE - 2005-1921
- CVE - 2005-1993
- CVE - 2005-2088
- CVE - 2005-2106
- CVE - 2005-2272
- CVE - 2005-2491
- CVE - 2005-2498
- CVE - 2005-2635
- CVE - 2005-2636
- CVE - 2005-2700
- CVE - 2005-2728
- CVE - 2005-2757
- CVE - 2005-2761
- CVE - 2005-2917
- CVE - 2005-2969
- CVE - 2005-3183
- CVE - 2005-3185
- CVE - 2005-3573
- CVE - 2005-3629
- CVE - 2005-3700
- CVE - 2005-3701
- CVE - 2005-3702
- CVE - 2005-3704
- CVE - 2005-3705
- CVE - 2005-4153
- CVE - 2006-0049
- CVE - 2006-0058
- CVE - 2006-0455
- DSA-1015
- DSA-708
- DSA-729
- DSA-735
- DSA-745
- DSA-746
- DSA-747
- DSA-789
- DSA-798
- DSA-800
- DSA-803
- DSA-805
- DSA-807
- DSA-817
- DSA-819
- DSA-821
- DSA-828
- DSA-840
- DSA-842
- DSA-875
- DSA-881
- DSA-882
- DSA-919
- DSA-955
- DSA-978
- DSA-993
- MDKSA-2004:091
- MDKSA-2004:135
- MDKSA-2004:151
- MDKSA-2005:072
- MDKSA-2005:109
- MDKSA-2005:129
- NetBSD-SA2006-010
- 15183
- 15184
- 16567
- 17396
- 17397
- 19188
- 19607
- 20011
- 20819
- 21271
- 21272
- 21273
- 21276
- 21277
- 21723
- 23221
- 23790
- 24037
- 4446
- OVAL10017
- OVAL10038
- OVAL10063
- OVAL10084
- OVAL10307
- OVAL10384
- OVAL10416
- OVAL10511
- OVAL10660
- OVAL10822
- OVAL10877
- OVAL10962
- OVAL11074
- OVAL11104
- OVAL11133
- OVAL11198
- OVAL11294
- OVAL11341
- OVAL11452
- OVAL11454
- OVAL11516
- OVAL11541
- OVAL11580
- OVAL11703
- OVAL1237
- OVAL1242
- OVAL1246
- OVAL1346
- OVAL1496
- OVAL1526
- OVAL1629
- OVAL1659
- OVAL1689
- OVAL1714
- OVAL1727
- OVAL1747
- OVAL350
- OVAL735
- OVAL760
- OVAL840
- OVAL9310
- OVAL9569
- OVAL9589
- OVAL9653
- OVAL9805
- OVAL9810
- RHSA-2004:562
- RHSA-2004:600
- RHSA-2004:687
- RHSA-2005:032
- RHSA-2005:358
- RHSA-2005:361
- RHSA-2005:405
- RHSA-2005:406
- RHSA-2005:535
- RHSA-2005:550
- RHSA-2005:564
- RHSA-2005:582
- RHSA-2005:608
- RHSA-2005:748
- RHSA-2005:761
- RHSA-2005:762
- RHSA-2005:773
- RHSA-2005:800
- RHSA-2005:807
- RHSA-2005:812
- RHSA-2005:816
- RHSA-2006:0015
- RHSA-2006:0016
- RHSA-2006:0045
- RHSA-2006:0052
- RHSA-2006:0117
- RHSA-2006:0197
- RHSA-2006:0204
- RHSA-2006:0264
- RHSA-2006:0265
- RHSA-2006:0266
- RHSA-2007:0208
- RHSA-2008:0261
- RHSA-2008:0629
- 20060101-01-U
- 20060302-01-P
- 20060401-01-U
- SUSE-SA:2005:002
- SUSE-SA:2005:036
- SUSE-SA:2005:041
- SUSE-SA:2005:046
- SUSE-SA:2005:048
- SUSE-SA:2005:049
- SUSE-SA:2005:051
- SUSE-SA:2005:052
- SUSE-SA:2005:061
- SUSE-SA:2005:063
- SUSE-SA:2006:009
- SUSE-SA:2006:013
- SUSE-SA:2006:014
- SUSE-SA:2006:017
- SUSE-SA:2006:051
- SuSE-SA:2006:051
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
- ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732
- http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.29
- http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.29&r2=1.118.2.30&ty=u
- http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.33
- http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.33&r2=1.118.2.34&ty=u
- http://fedoranews.org/updates/FEDORA--.shtml
- http://fedoranews.org/updates/FEDORA-2006-116.shtml
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:130
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:182
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:210
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:043
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:055
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:058
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555
- http://issues.apache.org/bugzilla/show_bug.cgi?id=29962
- http://issues.apache.org/bugzilla/show_bug.cgi?id=31505
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
- http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
- http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028248.html
- http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
- http://mail.python.org/pipermail/mailman-users/2005-September/046523.html
- http://marc.theaimsgroup.com/?l=apache-modssl&m=112569517603897&w=2
- http://marc.theaimsgroup.com/?l=bugtraq
- http://marc.theaimsgroup.com/?l=bugtraq&m=107981737322495&w=2
- http://marc.theaimsgroup.com/?l=bugtraq&m=109786159119069&w=2
- http://marc.theaimsgroup.com/?l=bugtraq&m=110314318531298&w=2
- http://marc.theaimsgroup.com/?l=bugtraq&m=110384374213596&w=2
- http://marc.theaimsgroup.com/?l=bugtraq&m=111352585618473&w=2
- http://marc.theaimsgroup.com/?l=bugtraq&m=112008638320145&w=2
- http://marc.theaimsgroup.com/?l=bugtraq&m=112015287827452&w=2
- http://marc.theaimsgroup.com/?l=bugtraq&m=112015336720867&w=2
- http://marc.theaimsgroup.com/?l=bugtraq&m=112412415822890&w=2
- http://marc.theaimsgroup.com/?l=bugtraq&m=112431497300344&w=2
- http://marc.theaimsgroup.com/?l=bugtraq&m=112870296926652&w=2
- http://marc.theaimsgroup.com/?l=gnupg-devel&m=113999098729114&w=2
- http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=107520317020444&w=2
- http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=107529205602320&w=2
- http://marc2.theaimsgroup.com/?l=apache-httpd-announce&m=112931556417329&w=3
- http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html
- http://pear.php.net/package/XML_RPC/download/1.3.1
- http://people.apache.org/~jorton/CAN-2005-2700.diff
- http://savannah.gnu.org/bugs/?func=detailitem&item_id=13863
- http://seclists.org/lists/bugtraq/2004/Sep/0097.html
- http://seclists.org/lists/bugtraq/2005/Jun/0025.html
- http://securitytracker.com/id?1013619
- http://sourceforge.net/project/showfiles.php?group_id=87163
- http://sourceforge.net/project/shownotes.php?release_id=338803
- http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
- http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
- http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-074.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-118.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
- http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY82992&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY82993&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY82994&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
- http://www.ampache.org/announce/3_3_1_2.php
- http://www.apache.org/dist/httpd/CHANGES_1.3
- http://www.apache.org/dist/httpd/CHANGES_2.0
- http://www.apacheweek.com/features/security-20
- http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/0108.html
- http://www.drupal.org/security/drupal-sa-2005-002/advisory.txt
- http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt
- http://www.ethereal.com/appnotes/enpa-sa-00021.html
- http://www.f-secure.com/security/fsc-2006-2.shtml
- http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
- http://www.frsirt.com/english/advisories/2005/0305
- http://www.frsirt.com/english/advisories/2005/0821
- http://www.frsirt.com/english/advisories/2005/1511
- http://www.frsirt.com/english/advisories/2005/1625
- http://www.frsirt.com/english/advisories/2005/2036
- http://www.frsirt.com/english/advisories/2005/2088
- http://www.frsirt.com/english/advisories/2005/2125
- http://www.frsirt.com/english/advisories/2005/2140
- http://www.frsirt.com/english/advisories/2005/2404
- http://www.frsirt.com/english/advisories/2005/2659
- http://www.frsirt.com/english/advisories/2005/2710
- http://www.frsirt.com/english/advisories/2005/2827
- http://www.frsirt.com/english/advisories/2005/2908
- http://www.frsirt.com/english/advisories/2005/3002
- http://www.frsirt.com/english/advisories/2005/3056
- http://www.frsirt.com/english/advisories/2006/0610
- http://www.frsirt.com/english/advisories/2006/0789
- http://www.frsirt.com/english/advisories/2006/0915
- http://www.frsirt.com/english/advisories/2006/1018
- http://www.frsirt.com/english/advisories/2006/1049
- http://www.frsirt.com/english/advisories/2006/1051
- http://www.frsirt.com/english/advisories/2006/1068
- http://www.frsirt.com/english/advisories/2006/1072
- http://www.frsirt.com/english/advisories/2006/1139
- http://www.frsirt.com/english/advisories/2006/1157
- http://www.frsirt.com/english/advisories/2006/1529
- http://www.frsirt.com/english/advisories/2006/2189
- http://www.frsirt.com/english/advisories/2006/2490
- http://www.frsirt.com/english/advisories/2006/3531
- http://www.frsirt.com/english/advisories/2006/4207
- http://www.frsirt.com/english/advisories/2006/4320
- http://www.frsirt.com/english/advisories/2006/4502
- http://www.frsirt.com/english/advisories/2006/4680
- http://www.frsirt.com/english/advisories/2007/0326
- http://www.frsirt.com/english/advisories/2007/0343
- http://www.gentoo.org/security/en/glsa/18956.xml
- http://www.gulftech.org/?node=research
- http://www.gulftech.org/?node=research&article_id=00087-07012005
- http://www.hardened-php.net/advisories/012004.txt
- http://www.hardened-php.net/advisory-022005.php
- http://www.hardened-php.net/advisory_152005.67.html
- http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
- http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:135
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:179
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:181
- http://www.novell.com/linux/download/updates/92_x86_64.html
- http://www.openbsd.org/errata38.html#sendmail
- http://www.openpkg.org/security/OpenPKG-SA-2005.017-modssl.html
- http://www.openssl.org/news/secadv_20051011.txt
- http://www.php.net/release_4_3_10.php
- http://www.php.net/release_4_4_1.php
- http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html
- http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00017.html
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00018.html
- http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html
- http://www.redhat.com/support/errata/RHSA-2004-600.html
- http://www.redhat.com/support/errata/RHSA-2004-687.html
- http://www.securiteam.com/securityreviews/5GP0220G0U.html
- http://www.securityfocus.com/advisories/9028
- http://www.securityfocus.com/advisories/9444
- http://www.securityfocus.com/advisories/9445
- http://www.securityfocus.com/archive/1/394797
- http://www.securityfocus.com/archive/1/395093
- http://www.securityfocus.com/archive/1/402741
- http://www.securityfocus.com/archive/1/408125
- http://www.securityfocus.com/archive/1/428536/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/419064/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/425289/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/425397/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/425974/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/427046/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/427324/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/428138/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/428656/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/428892/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/433931/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/451404/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/451417/100/200/threaded
- http://www.securityfocus.com/archive/1/archive/1/451426/100/200/threaded
- http://www.securityfocus.com/bid/11964
- http://www.securityfocus.com/bid/11992
- http://www.securityreason.com/adv/phpAdsnew.SR.16.asc
- http://www.sendmail.com/company/advisory/index.shtml
- http://www.sudo.ws/sudo/alerts/path_race.html
- http://www.trustix.org/errata/2004/0061/
- http://www.trustix.org/errata/2006/0008
- http://www.trustix.org/errata/2006/0012/
- http://www.trustix.org/errata/2006/0014
- http://www.ubuntu.com/usn/usn-160-2
- http://www.ubuntu.com/usn/usn-177-1
- http://www.ubuntu.com/usn/usn-192-1/
- http://www.ubuntu.com/usn/usn-242-1
- http://www.ubuntu.com/usn/usn-252-1
- http://www.ubuntulinux.org/support/documentation
- http://www.ubuntulinux.org/support/documentation/usn/usn-112-1
- http://www.ubuntulinux.org/support/documentation/usn/usn-205-1
- http://www.ubuntulinux.org/support/documentation/usn/usn-220-1
- http://www.ubuntulinux.org/support/documentation/usn/usn-264-1
- http://www.vmware.com/download/esx/esx-202-200610-patch.html
- http://www.vmware.com/download/esx/esx-213-200610-patch.html
- http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
- http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
- http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
- http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
- http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222
- http://xforce.iss.net/xforce/alerts/id/216
- http://xforce.iss.net/xforce/xfdb/17671
- http://xforce.iss.net/xforce/xfdb/17930
- https://bugzilla.fedora.us/show_bug.cgi?id=2058
- https://bugzilla.fedora.us/show_bug.cgi?id=2344
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154021
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154025
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161116
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163013
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167195
- https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html
- 15547
- 17303
- 17671
- 17930
- 18514
- 18517
- 19920
- 20930
- 21070
- 21080
- 21879
- 21880
- 22006
- 22721
- 23139
- 23329
- 23332
- 23334
- 23342
- 23344
- 24282
- 24584
- 24744
- 25184
- 25374
- 35287
View more
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center