CVE-2004-0885
First published: Sat Oct 16 2004(Updated: )
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Http Server | =2.0.42 | |
| Apache Http Server | =2.0.47 | |
| Apache Http Server | =2.0.50 | |
| Apache Http Server | =2.0.35 | |
| Apache Http Server | =2.0.37 | |
| Apache Http Server | =2.0.44 | |
| Apache Http Server | =2.0.39 | |
| Apache Http Server | =2.0.52 | |
| Apache Http Server | =2.0.51 | |
| Apache Http Server | =2.0.41 | |
| Apache Http Server | =2.0.49 | |
| Apache Http Server | =2.0.38 | |
| Apache Http Server | =2.0.48 | |
| Apache Http Server | =2.0.45 | |
| Apache Http Server | =2.0.40 | |
| Apache Http Server | =2.0.36 | |
| Apache Http Server | =2.0.46 | |
| Apache Http Server | =2.0.43 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2004-600.html
- http://www.apacheweek.com/features/security-20
- http://issues.apache.org/bugzilla/show_bug.cgi?id=31505
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123
- http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
- http://www.ubuntu.com/usn/usn-177-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
- http://secunia.com/advisories/19072
- http://www.redhat.com/support/errata/RHSA-2004-562.html
- http://www.redhat.com/support/errata/RHSA-2005-816.html
- http://www.securityfocus.com/bid/11360
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
- http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://www.vupen.com/english/advisories/2006/0789
- http://marc.info/?l=bugtraq&m=109786159119069&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17671
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10384
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2004-0885?
CVE-2004-0885 has a medium severity rating, allowing remote clients to bypass SSL cipher restrictions.
How do I fix CVE-2004-0885?
To fix CVE-2004-0885, update Apache HTTP Server to a version later than 2.0.52.
What versions are affected by CVE-2004-0885?
Versions of Apache HTTP Server ranging from 2.0.35 to 2.0.52 are affected by CVE-2004-0885.
Is CVE-2004-0885 a remote exploitation vulnerability?
Yes, CVE-2004-0885 allows remote exploitation due to improper handling of the SSLCipherSuite directive.
What impact does CVE-2004-0885 have on secure connections?
CVE-2004-0885 can potentially weaken the security of SSL connections by enabling unauthorized cipher suite usage.
- agent/references
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- vendor/apache
- product/http server
- canonical/apache http server
- agent/softwarecombine
- agent/tags
- agent/source
- version/apache http server/2.0.35
- version/apache http server/2.0.36
- version/apache http server/2.0.37
- version/apache http server/2.0.38
- version/apache http server/2.0.39
- version/apache http server/2.0.40
- version/apache http server/2.0.41
- version/apache http server/2.0.42
- version/apache http server/2.0.43
- version/apache http server/2.0.44
- version/apache http server/2.0.45
- version/apache http server/2.0.46
- version/apache http server/2.0.47
- version/apache http server/2.0.48
- version/apache http server/2.0.49
- version/apache http server/2.0.50
- version/apache http server/2.0.51
- version/apache http server/2.0.52