Required CVE Record Information
Description
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
References 10 Total
- securityreason.com: 3797 third-party-advisory
- http://www.cynops.de/advisories/CVE-2008-0555.txt
- vupen.com: ADV-2008-1079 vdb-entry
- http://www.apache-ssl.org/advisory-cve-2008-0555.txt
- exchange.xforce.ibmcloud.com: apachessl-expandcert-information-disclosure(41618) vdb-entry
- securityfocus.com: 28576 vdb-entry
- http://www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt
- secunia.com: 29644 third-party-advisory
- securitytracker.com: 1019784 vdb-entry
- securityfocus.com: 20080402 ANNOUNCE: Apache-SSL security release - apache_1.3.41+ssl_1.59 mailing-list