CVE-2002-0653
Published: 2002-07-11
Priority: P4 · CVSS 3.1: 7.8 (high)
CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit likelihood (EPSS): 1.10% (61.5th percentile)
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
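The description above names the bug class (an off-by-one on a fixed-size buffer while handling a long .htaccess entry) but the page carries no code. The following is an added example, not mod_ssl's code and not a reproduction of ssl_compat_directive: it shows the generic shape of such a bounds check in the vulnerable and the corrected form, and a canary probe that tells the two apart. The function names copy_arg_vuln/copy_arg_fixed/overflowed/accepted, the 16-byte cap and the "AAAA…" arguments are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Byte planted just past the end of the buffer; if a copier clobbers it,
 * the copier wrote out of bounds. (Constructed example, not mod_ssl code.) */
#define CANARY 0xA5

/* Copy a directive argument into dst, a buffer of cap bytes, and return 0 on
 * success or -1 if the argument does not fit. Off-by-one form: an argument of
 * exactly cap characters passes the check, fills dst[0..cap-1], and the
 * terminator is then written to dst[cap], one byte past the end. */
static int copy_arg_vuln(char *dst, size_t cap, const char *src)
{
    size_t len = strlen(src);
    if (len > cap)            /* BUG: should be len >= cap */
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';          /* len == cap writes dst[cap] */
    return 0;
}

/* Corrected check: reserve one byte for the terminator, so the longest
 * accepted argument is cap - 1 characters. */
static int copy_arg_fixed(char *dst, size_t cap, const char *src)
{
    size_t len = strlen(src);
    if (len >= cap)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

typedef int (*copier_fn)(char *, size_t, const char *);

/* Run a copier against a buffer of cap bytes followed by one canary byte
 * (allocated as cap + 1 so the probe itself stays within the allocation).
 * Returns 1 if the canary was overwritten, 0 if it survived, -1 on malloc
 * failure. */
static int overflowed(copier_fn copier, size_t cap, const char *src)
{
    unsigned char *mem = malloc(cap + 1);
    int hit;
    if (mem == NULL)
        return -1;
    memset(mem, 0, cap + 1);
    mem[cap] = CANARY;
    (void)copier((char *)mem, cap, src);
    hit = (mem[cap] != CANARY);
    free(mem);
    return hit;
}

/* Same probe, but report whether the copier accepted the argument (1/0). */
static int accepted(copier_fn copier, size_t cap, const char *src)
{
    unsigned char *mem = malloc(cap + 1);
    int rc;
    if (mem == NULL)
        return -1;
    rc = copier((char *)mem, cap, src);
    free(mem);
    return rc == 0;
}

int main(void)
{
    /* Constructed inputs: a 16-byte buffer and arguments of 15, 16 and 17
     * characters, standing in for long entries in a .htaccess file. */
    const size_t cap = 16;
    const char *fits    = "AAAAAAAA" "AAAAAAA";      /* 15 chars */
    const char *exact   = "AAAAAAAA" "AAAAAAAA";     /* 16 chars: the off-by-one case */
    const char *toolong = "AAAAAAAA" "AAAAAAAA" "A"; /* 17 chars */

    printf("15 chars: vuln overflow=%d fixed overflow=%d\n",
           overflowed(copy_arg_vuln, cap, fits), overflowed(copy_arg_fixed, cap, fits));
    printf("16 chars: vuln overflow=%d fixed overflow=%d fixed accepted=%d\n",
           overflowed(copy_arg_vuln, cap, exact), overflowed(copy_arg_fixed, cap, exact),
           accepted(copy_arg_fixed, cap, exact));
    printf("17 chars: vuln accepted=%d fixed accepted=%d\n",
           accepted(copy_arg_vuln, cap, toolong), accepted(copy_arg_fixed, cap, toolong));
    return 0;
}
```

Only the argument of exactly cap characters separates the two checks: the vulnerable copier accepts it and writes the terminator past the buffer, the fixed one rejects it, and both agree on shorter and longer input. Because the attack path in this CVE is a .htaccess file, the exposure is limited to local users who can write such a file into a directory Apache processes with AllowOverride enabled; tightening AllowOverride for directories writable by untrusted users reduces the surface independently of the mod_ssl fix.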
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modssl | mod_ssl | <= 2.8.9 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.8 | HIGH | — |
Red Hat
vendor_redhat · 2002-06-24 · CVSS 7.8 · HIGH
CVE-2002-0653: security flaw (same description as above)
Red Hat (related entry, different CVE)
vendor_redhat · CVSS 7.5 · HIGH
CVE-2009-0653: OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack; a related issue to CVE-2002-0970.
Red Hat statement: Not vulnerable. This issue was addressed in upstream OpenSSL prior to 0.9.6 and therefore does not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
GHSA
ghsa_unreviewed · 2022-05-03 · MEDIUM
GHSA-chfp-36fq-v6g3 for CVE-2002-0653 (same description as above)
No detection rules found.
References
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-031.0.txt
http://archives.neohapsis.com/archives/bugtraq/2002-06/0350.html
http://archives.neohapsis.com/archives/hp/2002-q3/0018.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000504
http://marc.info/?l=bugtraq&m=102513970919836&w=2
http://marc.info/?l=bugtraq&m=102563469326072&w=2
http://marc.info/?l=vuln-dev&m=102477330617604&w=2
http://rhn.redhat.com/errata/RHSA-2002-164.html
http://www.debian.org/security/2002/dsa-135
http://www.iss.net/security_center/static/9415.php
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-048.php
http://www.novell.com/linux/security/advisories/2002_028_mod_ssl.html
http://www.redhat.com/support/errata/RHSA-2002-134.html
http://www.redhat.com/support/errata/RHSA-2002-135.html
http://www.redhat.com/support/errata/RHSA-2002-136.html
http://www.redhat.com/support/errata/RHSA-2002-146.html
http://www.redhat.com/support/errata/RHSA-2003-106.html
http://www.securityfocus.com/bid/5084