CVE-2004-0700
First published: Wed Jul 21 2004(Updated: )
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CentOS Mod SSL | =2.3.11 | |
| CentOS Mod SSL | =2.4.0 | |
| CentOS Mod SSL | =2.4.1 | |
| CentOS Mod SSL | =2.4.2 | |
| CentOS Mod SSL | =2.4.3 | |
| CentOS Mod SSL | =2.4.4 | |
| CentOS Mod SSL | =2.4.5 | |
| CentOS Mod SSL | =2.4.6 | |
| CentOS Mod SSL | =2.4.7 | |
| CentOS Mod SSL | =2.4.8 | |
| CentOS Mod SSL | =2.4.9 | |
| CentOS Mod SSL | =2.4.10 | |
| CentOS Mod SSL | =2.5.0 | |
| CentOS Mod SSL | =2.5.1 | |
| CentOS Mod SSL | =2.6.0 | |
| CentOS Mod SSL | =2.6.1 | |
| CentOS Mod SSL | =2.6.2 | |
| CentOS Mod SSL | =2.6.3 | |
| CentOS Mod SSL | =2.6.4 | |
| CentOS Mod SSL | =2.6.5 | |
| CentOS Mod SSL | =2.6.6 | |
| CentOS Mod SSL | =2.7.0 | |
| CentOS Mod SSL | =2.7.1 | |
| CentOS Mod SSL | =2.8.0 | |
| CentOS Mod SSL | =2.8.1 | |
| CentOS Mod SSL | =2.8.1.2 | |
| CentOS Mod SSL | =2.8.2 | |
| CentOS Mod SSL | =2.8.3 | |
| CentOS Mod SSL | =2.8.4 | |
| CentOS Mod SSL | =2.8.5 | |
| CentOS Mod SSL | =2.8.5.1 | |
| CentOS Mod SSL | =2.8.5.2 | |
| CentOS Mod SSL | =2.8.6 | |
| CentOS Mod SSL | =2.8.7 | |
| CentOS Mod SSL | =2.8.8 | |
| CentOS Mod SSL | =2.8.9 | |
| CentOS Mod SSL | =2.8.10 | |
| CentOS Mod SSL | =2.8.12 | |
| CentOS Mod SSL | =2.8.14 | |
| CentOS Mod SSL | =2.8.15 | |
| CentOS Mod SSL | =2.8.16 | |
| CentOS Mod SSL | =2.8.17 | |
| CentOS Mod SSL | =2.8.18 | |
| Gentoo Linux | =1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/303448
- http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
- http://virulent.siyahsapka.org/
- http://www.debian.org/security/2004/dsa-532
- https://bugzilla.fedora.us/show_bug.cgi?id=1888
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075
- http://www.redhat.com/support/errata/RHSA-2004-405.html
- http://www.redhat.com/support/errata/RHSA-2004-408.html
- http://www.securityfocus.com/bid/10736
- http://www.osvdb.org/7929
- http://www.ubuntu.com/usn/usn-177-1
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857
- http://marc.info/?l=apache-modssl&m=109001100906749&w=2
- http://marc.info/?l=bugtraq&m=109005001205991&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16705
Frequently Asked Questions
What is the severity of CVE-2004-0700?
CVE-2004-0700 is considered to have a high severity as it may allow remote attackers to execute arbitrary code via format string vulnerabilities.
How do I fix CVE-2004-0700?
To fix CVE-2004-0700, upgrade to a patched version of mod_ssl that is equal to or later than 2.8.19.
Which software versions are affected by CVE-2004-0700?
CVE-2004-0700 affects mod_ssl versions prior to 2.8.19, including various versions like 2.6.2, 2.8.1.2, and others listed in the CVE database.
What attacks can exploit CVE-2004-0700?
Attackers can exploit CVE-2004-0700 to execute arbitrary commands through crafted log messages in HTTPS requests.
Is my system vulnerable to CVE-2004-0700?
You may be vulnerable to CVE-2004-0700 if you are using an affected version of mod_ssl prior to 2.8.19.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mod ssl
- canonical/centos mod ssl
- version/centos mod ssl/2.3.11
- version/centos mod ssl/2.4.0
- version/centos mod ssl/2.4.1
- version/centos mod ssl/2.4.2
- version/centos mod ssl/2.4.3
- version/centos mod ssl/2.4.4
- version/centos mod ssl/2.4.5
- version/centos mod ssl/2.4.6
- version/centos mod ssl/2.4.7
- version/centos mod ssl/2.4.8
- version/centos mod ssl/2.4.9
- version/centos mod ssl/2.4.10
- version/centos mod ssl/2.5.0
- version/centos mod ssl/2.5.1
- version/centos mod ssl/2.6.0
- version/centos mod ssl/2.6.1
- version/centos mod ssl/2.6.2
- version/centos mod ssl/2.6.3
- version/centos mod ssl/2.6.4
- version/centos mod ssl/2.6.5
- version/centos mod ssl/2.6.6
- version/centos mod ssl/2.7.0
- version/centos mod ssl/2.7.1
- version/centos mod ssl/2.8.0
- version/centos mod ssl/2.8.1
- version/centos mod ssl/2.8.1.2
- version/centos mod ssl/2.8.2
- version/centos mod ssl/2.8.3
- version/centos mod ssl/2.8.4
- version/centos mod ssl/2.8.5
- version/centos mod ssl/2.8.5.1
- version/centos mod ssl/2.8.5.2
- version/centos mod ssl/2.8.6
- version/centos mod ssl/2.8.7
- version/centos mod ssl/2.8.8
- version/centos mod ssl/2.8.9
- version/centos mod ssl/2.8.10
- version/centos mod ssl/2.8.12
- version/centos mod ssl/2.8.14
- version/centos mod ssl/2.8.15
- version/centos mod ssl/2.8.16
- version/centos mod ssl/2.8.17
- version/centos mod ssl/2.8.18
- vendor/gentoo
- canonical/gentoo linux
- version/gentoo linux/1.4