CVE-2002-0082
published 2002-03-15

Priority: P346, high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 29.88% (98.0th percentile)
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Affected

14 ranges

Vendor | Product | Version range | Fixed in
apache-ssl | apache-ssl | |
apache-ssl | apache-ssl | |
apache-ssl | apache-ssl | |
apache-ssl | apache-ssl | |
apache-ssl | apache-ssl | |
apache-ssl | apache-ssl | |
mod_ssl | mod_ssl | |
mod_ssl | mod_ssl | |
mod_ssl | mod_ssl | |
mod_ssl | mod_ssl | |
mod_ssl | mod_ssl | |
mod_ssl | mod_ssl | |
mod_ssl | mod_ssl | |
mod_ssl | mod_ssl | |

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat | | 7.5 | HIGH |