fkie_nvd - fkie_cve-2004-0700

fkie_cve-2004-0700

Vulnerability from fkie_nvd

Published

2004-07-27 04:00

Modified

2025-04-03 01:03

Severity ?

Summary

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

References

URL	Tags
cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857
cve@mitre.org	http://marc.info/?l=apache-modssl&m=109001100906749&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=109005001205991&w=2
cve@mitre.org	http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
cve@mitre.org	http://virulent.siyahsapka.org/
cve@mitre.org	http://www.debian.org/security/2004/dsa-532
cve@mitre.org	http://www.kb.cert.org/vuls/id/303448	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075
cve@mitre.org	http://www.osvdb.org/7929
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2004-405.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2004-408.html
cve@mitre.org	http://www.securityfocus.com/bid/10736
cve@mitre.org	http://www.ubuntu.com/usn/usn-177-1
cve@mitre.org	https://bugzilla.fedora.us/show_bug.cgi?id=1888
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/16705
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=apache-modssl&m=109001100906749&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=109005001205991&w=2
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
af854a3a-2127-422b-91ae-364da2661108	http://virulent.siyahsapka.org/
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2004/dsa-532
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/303448	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/7929
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2004-405.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2004-408.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/10736
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-177-1
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.fedora.us/show_bug.cgi?id=1888
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/16705

Impacted products

Vendor	Product	Version
mod_ssl	mod_ssl	2.3.11
mod_ssl	mod_ssl	2.4.0
mod_ssl	mod_ssl	2.4.1
mod_ssl	mod_ssl	2.4.2
mod_ssl	mod_ssl	2.4.3
mod_ssl	mod_ssl	2.4.4
mod_ssl	mod_ssl	2.4.5
mod_ssl	mod_ssl	2.4.6
mod_ssl	mod_ssl	2.4.7
mod_ssl	mod_ssl	2.4.8
mod_ssl	mod_ssl	2.4.9
mod_ssl	mod_ssl	2.4.10
mod_ssl	mod_ssl	2.5.0
mod_ssl	mod_ssl	2.5.1
mod_ssl	mod_ssl	2.6.0
mod_ssl	mod_ssl	2.6.1
mod_ssl	mod_ssl	2.6.2
mod_ssl	mod_ssl	2.6.3
mod_ssl	mod_ssl	2.6.4
mod_ssl	mod_ssl	2.6.5
mod_ssl	mod_ssl	2.6.6
mod_ssl	mod_ssl	2.7.0
mod_ssl	mod_ssl	2.7.1
mod_ssl	mod_ssl	2.8.0
mod_ssl	mod_ssl	2.8.1
mod_ssl	mod_ssl	2.8.1.2
mod_ssl	mod_ssl	2.8.2
mod_ssl	mod_ssl	2.8.3
mod_ssl	mod_ssl	2.8.4
mod_ssl	mod_ssl	2.8.5
mod_ssl	mod_ssl	2.8.5.1
mod_ssl	mod_ssl	2.8.5.2
mod_ssl	mod_ssl	2.8.6
mod_ssl	mod_ssl	2.8.7
mod_ssl	mod_ssl	2.8.8
mod_ssl	mod_ssl	2.8.9
mod_ssl	mod_ssl	2.8.10
mod_ssl	mod_ssl	2.8.12
mod_ssl	mod_ssl	2.8.14
mod_ssl	mod_ssl	2.8.15
mod_ssl	mod_ssl	2.8.16
mod_ssl	mod_ssl	2.8.17
mod_ssl	mod_ssl	2.8.18
gentoo	linux	1.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B29D8AB-D664-4AF1-8967-03572ECBBA38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E78D69A6-3F25-4048-8739-E8A064C5614D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0229B381-1AD6-4AEC-8B94-0D2AF77DC60A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E257E1DB-C60A-4BD4-9FE9-F3D784D30BEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC3770C-D06D-496D-8F28-9A4036B498E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC894E0F-1CC9-43BF-8E83-673034BB0211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABA6F650-DDBD-4A93-A4AF-73A07F362BBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3234A39B-79B9-4A41-A72F-8FD1477E21C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A08F3D-CAB6-4F10-B7E3-6580FB2A6CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9C8865-9A18-4507-B9E3-48F4F19C18EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F57A822D-E474-49B1-A262-BDA9829ED2CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "049AADD4-CBBB-4CA3-8105-D3D94649C6BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67FCB442-61F5-42B3-849D-70638627B7CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F910BD4-B1C5-458B-9540-8F9E32C1FC7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DC707E0-4F4D-45C2-86C4-F6764668FDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61731D0A-2C38-4C2A-8FC0-0634D7EFA0E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92D81C48-613B-4021-95A9-F049CDC63E23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D73CD68-2C38-4FE8-9ABE-5558E7BF135B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1B98B05-AEE6-4753-B3F3-8B09DE91985B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3061E09-41FD-4477-B8DA-AA019F63C5F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F810E15C-61CF-40D0-9F40-12B1A65F8EAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BDE0520-8E51-4DFF-8CA2-5EF32281DD15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB888875-1AFC-4569-B783-CDE92B717882",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD6F68B8-B03D-43F9-BD40-1C30829597A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C39E94EF-FEF4-41CA-BCD5-F3273D40D0F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5778FC41-73B9-46E8-8A75-1BB09D36D081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A7DE9F-3088-445E-A09A-FC8E155C4E95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3906A1FB-3105-4248-B9D2-B915AEF90E9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1DB98C0-A15B-4186-8DAC-D906ABBEC2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "15B615EC-D5AF-4C62-AF0A-453F7FD11DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56EBBAA-30C7-4872-9966-F2DA78FC4AC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77AC8014-D4BE-498B-A684-D2C2AA9CDB41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "50211658-1959-4E97-9FF5-6ABAF3B98C36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC67365-5E6C-4BA2-B50F-5D6A6B3E7E72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A320B10-6961-4A6F-BE8E-B4C1E90C0291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6535C201-61AE-4C2F-950F-D55C554DF4DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E038ED0-981E-4107-A0CC-59CBCF32D618",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F857736-54C2-45DF-B93C-CA8152E433A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DDB4D6-07E4-4EF6-BF70-363543373003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "A691D1FB-75BB-400A-994A-CFAC2C276085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8D44D44-51B2-479E-BC44-128B4340A93E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAA93449-5248-45FB-AD18-F407BADBC500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D680A59D-4BA8-4F9B-95E5-49F15B6A1388",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de cadena de formateo en la funci\u00f3n ssl_log en ssl_engine_log.c en mod_ssl 2.8.10 de Apache 1.3.31 puede permitir a atacantes remotos ejecutar mensajes de su elecci\u00f3n mediante especificadores de cadena de formato en ciertos mensajes de registro de HTTPS."
    }
  ],
  "id": "CVE-2004-0700",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-07-27T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000857"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=apache-modssl\u0026m=109001100906749\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109005001205991\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.org/0407-advisories/modsslFormat.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://virulent.siyahsapka.org/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-532"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/303448"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/7929"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-408.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/10736"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-177-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1888"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=apache-modssl\u0026m=109001100906749\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109005001205991\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.org/0407-advisories/modsslFormat.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://virulent.siyahsapka.org/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/303448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/7929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-408.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/10736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-177-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16705"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2004-0700 (GCVE-0-2004-0700)

Vulnerability from cvelistv5

Published

2004-07-21 04:00

Modified

2024-08-08 00:24