CVE-2004-0885
First published: Sat Oct 16 2004(Updated: )
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache HTTP server | =2.0.42 | |
| Apache HTTP server | =2.0.47 | |
| Apache HTTP server | =2.0.50 | |
| Apache HTTP server | =2.0.35 | |
| Apache HTTP server | =2.0.37 | |
| Apache HTTP server | =2.0.44 | |
| Apache HTTP server | =2.0.39 | |
| Apache HTTP server | =2.0.52 | |
| Apache HTTP server | =2.0.51 | |
| Apache HTTP server | =2.0.41 | |
| Apache HTTP server | =2.0.49 | |
| Apache HTTP server | =2.0.38 | |
| Apache HTTP server | =2.0.48 | |
| Apache HTTP server | =2.0.45 | |
| Apache HTTP server | =2.0.40 | |
| Apache HTTP server | =2.0.36 | |
| Apache HTTP server | =2.0.46 | |
| Apache HTTP server | =2.0.43 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2004-600.html
- http://www.apacheweek.com/features/security-20
- http://issues.apache.org/bugzilla/show_bug.cgi?id=31505
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123
- http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
- http://www.ubuntu.com/usn/usn-177-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
- http://secunia.com/advisories/19072
- http://www.redhat.com/support/errata/RHSA-2004-562.html
- http://www.redhat.com/support/errata/RHSA-2005-816.html
- http://www.securityfocus.com/bid/11360
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
- http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://www.vupen.com/english/advisories/2006/0789
- http://marc.info/?l=bugtraq&m=109786159119069&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17671
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10384
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- collector/nvd-historical
- vendor/apache
- product/http server
- canonical/apache http server
- collector/nvd-index
- collector/nvd-api
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- agent/event
- agent/type
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- version/apache http server/2.0.42
- version/apache http server/2.0.47
- version/apache http server/2.0.50
- version/apache http server/2.0.35
- version/apache http server/2.0.37
- version/apache http server/2.0.44
- version/apache http server/2.0.39
- version/apache http server/2.0.52
- version/apache http server/2.0.51
- version/apache http server/2.0.41
- version/apache http server/2.0.49
- version/apache http server/2.0.38
- version/apache http server/2.0.48
- version/apache http server/2.0.45
- version/apache http server/2.0.40
- version/apache http server/2.0.36
- version/apache http server/2.0.46
- version/apache http server/2.0.43