Description
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for the mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
Products
- mod_ssl
- mod_ssl 2.0.39
- mod_ssl 2.0.40
- mod_ssl 2.0.43
- mod_ssl 2.0.44
- mod_ssl 2.0.45
- mod_ssl 2.0.47
- mod_ssl 2.0.48
- mod_ssl 2.0.49
- mod_ssl 2.0.50
- mod_ssl 2.0.51
- mod_ssl 2.0.52
- mod_ssl 2.0.53
- mod_ssl 2.0.54
- mod_ssl 2.0.55
- mod_ssl 2.0.58
- mod_ssl 2.0.59
- mod_ssl 2.1.9
- mod_ssl 2.2.0
- mod_ssl 2.2.2
- mod_ssl 2.2.3
- mod_ssl 2.2.4
- mod_ssl 2.3.5
- mod_ssl 2.4.1
- mod_ssl 2.4.5
- mod_ssl 2.6.4
- mod_ssl 2.6.6
- mod_ssl 2.7.1
- mod_ssl 2.7.2
- mod_ssl 2.8.0
- mod_ssl 2.8.1
- mod_ssl 2.8.2
- mod_ssl 2.8.3
- mod_ssl 2.8.4
- mod_ssl 2.8.5
- mod_ssl 2.8.7
- mod_ssl 2.8.8
- mod_ssl 2.8.9
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2002-0653, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-0653 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References