CVE-2002-0082
published 2002-03-15CVE-2002-0082: The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the…
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
29.88%
98.0th percentile
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache-ssl | apache-ssl | — | — |
| apache-ssl | apache-ssl | — | — |
| apache-ssl | apache-ssl | — | — |
| apache-ssl | apache-ssl | — | — |
| apache-ssl | apache-ssl | — | — |
| apache-ssl | apache-ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4fj5-x3ch-mc34: The dbm and shm session cache code in mod_ssl before 2
ghsa_unreviewed·2022-04-30
CVE-2002-0082 [HIGH] GHSA-4fj5-x3ch-mc34: The dbm and shm session cache code in mod_ssl before 2
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
Red Hat
security flaw
vendor_redhat·2002-02-27·CVSS 7.5
CVE-2002-0082 [HIGH] security flaw
security flaw
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
No detection rules found.
Exploit-DB
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)
exploitdb·2019-07-07
CVE-2002-0082 Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)
Apache mod_ssl
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define SSL2_MT_ERROR 0
#define SSL2_MT_CLIENT_FINISHED 3
#define SSL2_MT_SERVER_HELLO 4
#define SSL2_MT_SERVER_VERIFY 5
#define SSL2_MT_SERVER_FINISHED 6
#define SSL2_MAX_CONNECTION_ID_LENGTH 16
/* update this if you add architectures */
#define MAX_ARCH 138
struct archs {
char* desc;
int func_addr; /* objdump -R /usr/sbin/httpd | grep free */
} architectures[] = {
{"Caldera OpenLinux (apache-1.3.26)",0x080920e0},
{"Cobalt Sun 6.0 (apache-1.3.12)",0x8120f0c},
{"Cobalt Sun 6.0 (apache-1.3.20)",0x811dcb8},
{"Cobalt Sun x (apache-1.3.26)",0x8123ac3},
{"Cobalt Sun x Fixed2 (apache-1.3.26)",0x81233c3},
{"Conectiva 4 (apache-1.3.6)",0x08075398},
{"Co
Exploit-DB
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1)
exploitdb·2003-04-04
CVE-2002-0082 Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1)
Apache mod_ssl
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
/* update this if you add architectures */
#define MAX_ARCH 138
struct archs {
char* desc;
int func_addr; /* objdump -R /usr/sbin/httpd | grep free */
} architectures[] = {
{
"Caldera OpenLinux (apache-1.3.26)",
0x080920e0
},
{
"Cobalt Sun 6.0 (apache-1.3.12)",
0x8120f0c
},
{
"Cobalt Sun 6.0 (apache-1.3.20)",
0x811dcb8
},
{
"Cobalt Sun x (apache-1.3.26)",
0x8123ac3
},
{
"Cobalt Sun x Fixed2 (apache-1.3.26)",
0x81233c3
},
{
"Conectiva 4 (apache-1.3.6)",
0x08075398
},
{
"Conectiva 4.1 (apache-1.3.9)",
0x0808f2fe
},
{
"Conectiva 6 (apache-1.3.14)",
0x0809222c
},
{
"Conectiva 7 (apache-1.3.12)",
0x0808f874
},
{
"Conectiva 7 (apache-1.3.19)",
0x08088aa0
},
{
"Conectiva
Exploit-DB
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Buffer Overflow
exploitdb·2002-07-30
CVE-2002-0082 Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Buffer Overflow
Apache mod_ssl
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
/* update this if you add architectures */
#define MAX_ARCH 131
struct archs {
char* desc;
int func_addr; /* objdump -R /usr/sbin/apache | grep free */
} architectures[] = {
{
"Caldera OpenLinux (apache-1.3.26)",
0x080920e0
},
{
"Cobalt Sun 6.0 (apache-1.3.12)",
0x8120f0c
},
{
"Cobalt Sun 6.0 (apache-1.3.20)",
0x811dcb8
},
{
"Cobalt Sun x (apache-1.3.26)",
0x8123ac3
},
{
"Cobalt Sun x Fixed2 (apache-1.3.26)",
0x81233c3
},
{
"Conectiva 4 (apache-1.3.6)",
0x08075398
},
{
"Conectiva 4.1 (apache-1.3.9)",
0x0808f2fe
},
{
"Conectiva 6 (apache-1.3.14)",
0x0809222c
},
{
"Conectiva 7 (apache-1.3.12)",
0x0808f874
},
{
"Conectiva 7 (apache-1.3.19)",
0x08088aa0
},
{
"Conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtmlhttp://marc.info/?l=bugtraq&m=101518491916936&w=2http://marc.info/?l=bugtraq&m=101528358424306&w=2http://online.securityfocus.com/archive/1/258646http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.htmlhttp://www.apacheweek.com/issues/02-03-01#securityhttp://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txthttp://www.debian.org/security/2002/dsa-120http://www.iss.net/security_center/static/8308.phphttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.phphttp://www.linuxsecurity.com/advisories/other_advisory-1923.htmlhttp://www.redhat.com/support/errata/RHSA-2002-041.htmlhttp://www.redhat.com/support/errata/RHSA-2002-042.htmlhttp://www.redhat.com/support/errata/RHSA-2002-045.htmlhttp://www.securityfocus.com/advisories/3965http://www.securityfocus.com/advisories/4008http://www.securityfocus.com/bid/4189http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtmlhttp://marc.info/?l=bugtraq&m=101518491916936&w=2http://marc.info/?l=bugtraq&m=101528358424306&w=2http://online.securityfocus.com/archive/1/258646http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.htmlhttp://www.apacheweek.com/issues/02-03-01#securityhttp://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txthttp://www.debian.org/security/2002/dsa-120http://www.iss.net/security_center/static/8308.phphttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.phphttp://www.linuxsecurity.com/advisories/other_advisory-1923.htmlhttp://www.redhat.com/support/errata/RHSA-2002-041.htmlhttp://www.redhat.com/support/errata/RHSA-2002-042.htmlhttp://www.redhat.com/support/errata/RHSA-2002-045.htmlhttp://www.securityfocus.com/advisories/3965http://www.securityfocus.com/advisories/4008http://www.securityfocus.com/bid/4189
2002-03-15
Published