CVE-2002-0082
Published Mar 15, 2002
Last updated 8 years ago
Overview
- Description
- The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFF77CC7-14EE-44E6-ADD8-17DEFD336BE0" },
          { "criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "075C7AD9-B254-4CAD-8E71-D0DB542D90E6" },
          { "criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD50710F-6471-4CB7-9047-BC0285F92A68" },
          { "criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.44:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AF68B78-F29E-4A4F-9F7B-E408F606C14D" },
          { "criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.45:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3154AB7-23F9-4D0D-935A-D530DC1F110C" },
          { "criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.46:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2716A670-2751-4348-8F56-0F2427D660CD" },
          { "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB888875-1AFC-4569-B783-CDE92B717882" },
          { "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E1E3411-A16E-4B11-983D-C83644B471CA" },
          { "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C39E94EF-FEF4-41CA-BCD5-F3273D40D0F0" },
          { "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08A7DE9F-3088-445E-A09A-FC8E155C4E95" },
          { "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3906A1FB-3105-4248-B9D2-B915AEF90E9A" },
          { "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1DB98C0-A15B-4186-8DAC-D906ABBEC2F7" },
          { "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15B615EC-D5AF-4C62-AF0A-453F7FD11DAD" },
          { "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50211658-1959-4E97-9FF5-6ABAF3B98C36" }
        ],
        "operator": "OR"
      }
    ]
  }
]