ID CVE-2004-0885
Summary The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.0.35
    cpe:2.3:a:apache:http_server:2.0.35
  • Apache Software Foundation Apache HTTP Server 2.0.36
    cpe:2.3:a:apache:http_server:2.0.36
  • Apache Software Foundation Apache HTTP Server 2.0.37
    cpe:2.3:a:apache:http_server:2.0.37
  • Apache Software Foundation Apache HTTP Server 2.0.38
    cpe:2.3:a:apache:http_server:2.0.38
  • Apache Software Foundation Apache HTTP Server 2.0.39
    cpe:2.3:a:apache:http_server:2.0.39
  • Apache Software Foundation Apache HTTP Server 2.0.40
    cpe:2.3:a:apache:http_server:2.0.40
  • Apache Software Foundation Apache HTTP Server 2.0.41
    cpe:2.3:a:apache:http_server:2.0.41
  • Apache Software Foundation Apache HTTP Server 2.0.42
    cpe:2.3:a:apache:http_server:2.0.42
  • Apache Software Foundation Apache HTTP Server 2.0.43
    cpe:2.3:a:apache:http_server:2.0.43
  • Apache Software Foundation Apache HTTP Server 2.0.44
    cpe:2.3:a:apache:http_server:2.0.44
  • Apache Software Foundation Apache HTTP Server 2.0.45
    cpe:2.3:a:apache:http_server:2.0.45
  • Apache Software Foundation Apache HTTP Server 2.0.46
    cpe:2.3:a:apache:http_server:2.0.46
  • Apache Software Foundation Apache HTTP Server 2.0.47
    cpe:2.3:a:apache:http_server:2.0.47
  • Apache Software Foundation Apache HTTP Server 2.0.48
    cpe:2.3:a:apache:http_server:2.0.48
  • Apache Software Foundation Apache HTTP Server 2.0.49
    cpe:2.3:a:apache:http_server:2.0.49
  • Apache Software Foundation Apache HTTP Server 2.0.50
    cpe:2.3:a:apache:http_server:2.0.50
  • Apache Software Foundation Apache HTTP Server 2.0.51
    cpe:2.3:a:apache:http_server:2.0.51
  • Apache Software Foundation Apache HTTP Server 2.0.52
    cpe:2.3:a:apache:http_server:2.0.52
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_33075.NASL
    description s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : A potential security vulnerability has been identified with Apache running on HP-UX where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to bypass SSLCipherSuite restrictions.
    last seen 2019-02-21
    modified 2013-04-20
    plugin id 19399
    published 2005-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19399
    title HP-UX PHSS_33075 : Apache on HP-UX, Remote Denial of Service (DoS), Bypass of SSLCipherSuite Settings (HPSBUX01123 SSRT5931 rev.2)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-562.NASL
    description Updated httpd packages that include fixes for two security issues, as well as other bugs, are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An issue has been discovered in the mod_ssl module when configured to use the 'SSLCipherSuite' directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any cipher suite allowed by the virtual host configuration. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0885 to this issue. An issue has been discovered in the handling of white space in request header lines using MIME folding. A malicious client could send a carefully crafted request, forcing the server to consume large amounts of memory, leading to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0942 to this issue. Several minor bugs were also discovered, including : - In the mod_cgi module, problems that arise when CGI scripts are invoked from SSI pages by mod_include using the '#include virtual' syntax have been fixed. - In the mod_dav_fs module, problems with the handling of indirect locks on the S/390x platform have been fixed. Users of the Apache HTTP server who are affected by these issues should upgrade to these updated packages, which contain backported patches.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 15700
    published 2004-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15700
    title RHEL 3 : httpd (RHSA-2004:562)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2005-007.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirrelMail - traceroute - WebKit - WebLog Server - X11 - zlib
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 19463
    published 2005-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19463
    title Mac OS X Multiple Vulnerabilities (Security Update 2005-007)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-177-1.NASL
    description Apache did not honour the 'SSLVerifyClient require' directive within a block if the surrounding block contained a directive 'SSLVerifyClient optional'. This allowed clients to bypass client certificate validation on servers with the above configuration. (CAN-2005-2700) Filip Sneppe discovered a Denial of Service vulnerability in the byte range filter handler. By requesting certain large byte ranges, a remote attacker could cause memory exhaustion in the server. (CAN-2005-2728) The updated libapache-mod-ssl also fixes two older Denial of Service vulnerabilities: A format string error in the ssl_log() function which could be exploited to crash the server (CAN-2004-0700), and a flaw in the SSL cipher negotiation which could be exploited to terminate a session (CAN-2004-0885). Please note that Apache 1.3 and libapache-mod-ssl are not officially supported (they are in the 'universe' component of the Ubuntu archive). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20587
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20587
    title Ubuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0523.NASL
    description Red Hat Network Proxy Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. The Red Hat Network Proxy Server 4.2.3 release corrects several security vulnerabilities in several shipped components. In a typical operating environment, these components are not exposed to users of Proxy Server in a vulnerable manner. These security updates will reduce risk in unique Proxy Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting or denial-of-service attack. (CVE-2007-6388, CVE-2007-5000, CVE-2007-4465, CVE-2007-3304, CVE-2006-5752, CVE-2006-3918, CVE-2005-3352) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple flaws in mod_ssl. (CVE-2004-0488, CVE-2004-0700, CVE-2004-0885) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Users of Red Hat Network Proxy Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen 2019-02-21
    modified 2017-01-10
    plugin id 63857
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63857
    title RHEL 3 / 4 : Proxy Server (RHSA-2008:0523)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_4238151D207A11D9BFE20090962CFF2A.NASL
    description It is possible for clients to use any cipher suite configured by the virtual host, whether or not a certain cipher suite is selected for a specific directory. This might result in clients using a weaker encryption than originally configured.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 37846
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37846
    title FreeBSD : mod_ssl -- SSLCipherSuite bypass (4238151d-207a-11d9-bfe2-0090962cff2a)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-299-01.NASL
    description New apache and mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues. Apache has been upgraded to version 1.3.32 which fixes a heap-based buffer overflow in mod_proxy. mod_ssl was upgraded from version mod_ssl-2.8.19-1.3.31 to version 2.8.21-1.3.32 which corrects a flaw allowing a client to use a cipher which the server does not consider secure enough. A new PHP package (php-4.3.9) is also available for all of these platforms.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 18793
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18793
    title Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : apache, mod_ssl, php (SSA:2004-299-01)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0261.NASL
    description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. 
    (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43835
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43835
    title RHEL 4 : Satellite Server (RHSA-2008:0261)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-600.NASL
    description Updated apache and mod_ssl packages that fix various minor security issues and bugs in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. A buffer overflow was discovered in the mod_include module. This flaw could allow a local user who is authorized to create server-side include (SSI) files to gain the privileges of a httpd child (user 'apache'). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0940 to this issue. The mod_digest module does not properly verify the nonce of a client response by using an AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that mod_digest implements an older version of the MD5 Digest Authentication specification, which is known not to work with modern browsers. This issue does not affect mod_auth_digest. (CVE-2003-0987). An issue has been discovered in the mod_ssl module when configured to use the 'SSLCipherSuite' directive in a directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client is able to access that location using any cipher suite allowed by the virtual host configuration. (CVE-2004-0885). Several bugs in mod_ssl were also discovered, including : - memory leaks in SSL variable handling - possible crashes in the dbm and shmht session caches Red Hat Enterprise Linux 2.1 users of the Apache HTTP Server should upgrade to these erratum packages, which contain Apache version 1.3.27 with backported patches correcting these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 15960
    published 2004-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15960
    title RHEL 2.1 : apache, mod_ssl (RHSA-2004:600)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0524.NASL
    description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43837
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43837
    title RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200410-21.NASL
    description The remote host is affected by the vulnerability described in GLSA-200410-21 (Apache 2, mod_ssl: Bypass of SSLCipherSuite directive) A flaw has been found in mod_ssl where the 'SSLCipherSuite' directive could be bypassed in certain configurations if it is used in a directory or location context to restrict the set of allowed cipher suites. Impact : A remote attacker could gain access to a location using any cipher suite allowed by the server/virtual host configuration, disregarding the restrictions by 'SSLCipherSuite' for that location. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 15545
    published 2004-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15545
    title GLSA-200410-21 : Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD20041202.NASL
    description The remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 15898
    published 2004-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15898
    title Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-122.NASL
    description A vulnerability in mod_ssl was discovered by Hartmut Keil. After a renegotiation, mod_ssl would fail to ensure that the requested cipher suite is actually negotiated. The provided packages have been patched to prevent this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15602
    published 2004-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15602
    title Mandrake Linux Security Advisory : mod_ssl/apache2-mod_ssl (MDKSA-2004:122)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_MOD_SSL_13312820.NASL
    description The following package needs to be updated: apache+mod_ssl+ipv6
    last seen 2016-09-26
    modified 2004-10-27
    plugin id 15576
    published 2004-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15576
    title FreeBSD : mod_ssl -- SSLCipherSuite bypass (112)
oval via4
accepted 2013-04-29T04:05:12.147-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
family unix
id oval:org.mitre.oval:def:10384
status accepted
submitted 2010-07-09T03:56:16-04:00
title The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2004:562
  • rhsa
    id RHSA-2004:600
  • rhsa
    id RHSA-2005:816
  • rhsa
    id RHSA-2008:0261
refmap via4
apple
  • APPLE-SA-2005-08-15
  • APPLE-SA-2005-08-17
bid 11360
bugtraq 20041015 [OpenPKG-SA-2004.044] OpenPKG Security Advisory (modssl)
confirm
hp HPSBUX01123
secunia 19072
sunalert 102198
ubuntu USN-177-1
vupen ADV-2006-0789
xf apache-sslciphersuite-restriction-bypass(17671)
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.0.53: http://httpd.apache.org/security/vulnerabilities_20.html
Last major update 17-10-2016 - 22:49
Published 03-11-2004 - 00:00
Last modified 10-10-2017 - 21:29