ID CVE-2004-0700
Summary Format string vulnerability in the mod_proxy hook functions in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
Vulnerable Configurations
  • cpe:2.3:a:mod_ssl:mod_ssl:2.3.11
  • cpe:2.3:a:mod_ssl:mod_ssl:2.4.0
  • cpe:2.3:a:mod_ssl:mod_ssl:2.4.1
  • cpe:2.3:a:mod_ssl:mod_ssl:2.4.10
  • cpe:2.3:a:mod_ssl:mod_ssl:2.4.2
  • cpe:2.3:a:mod_ssl:mod_ssl:2.4.3
  • cpe:2.3:a:mod_ssl:mod_ssl:2.4.4
  • cpe:2.3:a:mod_ssl:mod_ssl:2.4.5
  • cpe:2.3:a:mod_ssl:mod_ssl:2.4.6
  • cpe:2.3:a:mod_ssl:mod_ssl:2.4.7
  • cpe:2.3:a:mod_ssl:mod_ssl:2.4.8
  • cpe:2.3:a:mod_ssl:mod_ssl:2.4.9
  • cpe:2.3:a:mod_ssl:mod_ssl:2.5.0
  • cpe:2.3:a:mod_ssl:mod_ssl:2.5.1
  • cpe:2.3:a:mod_ssl:mod_ssl:2.6.0
  • cpe:2.3:a:mod_ssl:mod_ssl:2.6.1
  • cpe:2.3:a:mod_ssl:mod_ssl:2.6.2
  • cpe:2.3:a:mod_ssl:mod_ssl:2.6.3
  • cpe:2.3:a:mod_ssl:mod_ssl:2.6.4
  • cpe:2.3:a:mod_ssl:mod_ssl:2.6.5
  • cpe:2.3:a:mod_ssl:mod_ssl:2.6.6
  • cpe:2.3:a:mod_ssl:mod_ssl:2.7.0
  • cpe:2.3:a:mod_ssl:mod_ssl:2.7.1
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.0
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.1
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.1.2
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.10
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.12
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.14
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.15
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.16
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.17
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.18
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.2
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.3
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.4
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.5
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.5.1
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.5.2
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.6
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.7
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.8
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.9
  • Gentoo Linux 1.4
    cpe:2.3:o:gentoo:linux:1.4
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-408.NASL
    description An updated mod_ssl package for Apache that fixes a format string vulnerability is now available. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. A format string issue was discovered in mod_ssl for Apache 1.3 which can be triggered if mod_ssl is configured to allow a client to proxy to remote SSL sites. In order to exploit this issue, a user who is authorized to use Apache as a proxy would have to attempt to connect to a carefully crafted hostname via SSL. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0700 to this issue. Users of mod_ssl should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 14698
    published 2004-09-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14698
    title RHEL 2.1 : mod_ssl (RHSA-2004:408)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_APACHE+SSL_13312819.NASL
    description The following package needs to be updated: apache+mod_ssl+ipv6
    last seen 2016-09-26
    modified 2011-10-03
    plugin id 15509
    published 2004-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15509
    title FreeBSD : apache13-modssl -- format string vulnerability in proxy support (8)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-532.NASL
    description Two vulnerabilities were discovered in libapache-mod-ssl: (1) CAN-2004-0488: Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. (2) CAN-2004-0700: Format string vulnerability in the ssl_log function in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15369
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15369
    title Debian DSA-532-2 : libapache-mod-ssl - several vulnerabilities
  • NASL family Web Servers
    NASL id MOD_SSL_HOOK_FUNCTIONS_FORMAT_STRING_VULN.NASL
    description The remote host is using a vulnerable version of mod_ssl which is older than 2.8.19. There is a format string condition in the log functions of the remote module which may allow an attacker to execute arbitrary code on the remote host. Some vendors patched older versions of mod_ssl, so this might be a false positive. Check with your vendor to determine if you have a version of mod_ssl that is patched for this vulnerability.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 13651
    published 2004-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13651
    title Apache mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-177-1.NASL
    description Apache did not honour the 'SSLVerifyClient require' directive within a block if the surrounding block contained a directive 'SSLVerifyClient optional'. This allowed clients to bypass client certificate validation on servers with the above configuration. (CAN-2005-2700) Filip Sneppe discovered a Denial of Service vulnerability in the byte range filter handler. By requesting certain large byte ranges, a remote attacker could cause memory exhaustion in the server. (CAN-2005-2728) The updated libapache-mod-ssl also fixes two older Denial of Service vulnerabilities: A format string error in the ssl_log() function which could be exploited to crash the server (CAN-2004-0700), and a flaw in the SSL cipher negotiation which could be exploited to terminate a session (CAN-2004-0885). Please note that Apache 1.3 and libapache-mod-ssl are not officially supported (they are in the 'universe' component of the Ubuntu archive). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20587
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20587
    title Ubuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_18974C8A1FBD11D9814E0001020EED82.NASL
    description An OpenPKG Security Advisory reports: Triggered by a report to Packet Storm from Virulent, a format string vulnerability was found in mod_ssl, the Apache SSL/TLS interface to OpenSSL, version (up to and including) 2.8.18 for Apache 1.3. The mod_ssl in Apache 2.x is not affected. The vulnerability could be exploitable if Apache is used as a proxy for HTTPS URLs and the attacker established their own specially prepared DNS and origin server environment.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 36579
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36579
    title FreeBSD : apache13-modssl -- format string vulnerability in proxy support (18974c8a-1fbd-11d9-814e-0001020eed82)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-075.NASL
    description Ralf S. Engelschall found a remaining risky call to ssl_log while reviewing code for another issue reported by Virulent. The updated packages are patched to correct the problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14173
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14173
    title Mandrake Linux Security Advisory : mod_ssl (MDKSA-2004:075)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0523.NASL
    description Red Hat Network Proxy Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. The Red Hat Network Proxy Server 4.2.3 release corrects several security vulnerabilities in several shipped components. In a typical operating environment, these components are not exposed to users of Proxy Server in a vulnerable manner. These security updates will reduce risk in unique Proxy Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting or denial-of-service attack. (CVE-2007-6388, CVE-2007-5000, CVE-2007-4465, CVE-2007-3304, CVE-2006-5752, CVE-2006-3918, CVE-2005-3352) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple flaws in mod_ssl. (CVE-2004-0488, CVE-2004-0700, CVE-2004-0885) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Users of Red Hat Network Proxy Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen 2019-02-21
    modified 2017-01-10
    plugin id 63857
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63857
    title RHEL 3 / 4 : Proxy Server (RHSA-2008:0523)
redhat via4
advisories
  • rhsa
    id RHSA-2004:405
  • rhsa
    id RHSA-2004:408
refmap via4
bid 10736
bugtraq 20040716 [OpenPKG-SA-2004.032] OpenPKG Security Advisory (apache)
cert-vn VU#303448
conectiva CLA-2004:857
debian DSA-532
fedora FLSA:1888
mandrake MDKSA-2004:075
misc
mlist [apache-modssl] 20040716 [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31
osvdb 7929
ubuntu USN-177-1
xf apache-modssl-format-string(16705)
Last major update 17-10-2016 - 22:48
Published 27-07-2004 - 00:00
Last modified 10-07-2017 - 21:30