CVE-2004-0700
published 2004-07-27CVE-2004-0700: Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote…
PriorityP336high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
5.80%
92.2th percentile
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gentoo | linux | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
| mod_ssl | mod_ssl | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
mod_proxy hook format string
vendor_redhat·2004-07-16·CVSS 7.5
CVE-2004-0700 [HIGH] mod_proxy hook format string
mod_proxy hook format string
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
GHSA
GHSA-mm6m-9rf6-5j2q: Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log
ghsa_unreviewed·2022-04-29
CVE-2004-0700 [HIGH] GHSA-mm6m-9rf6-5j2q: Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
No detection rules found.
No public exploits indexed.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857http://marc.info/?l=apache-modssl&m=109001100906749&w=2http://marc.info/?l=bugtraq&m=109005001205991&w=2http://packetstormsecurity.org/0407-advisories/modsslFormat.txthttp://virulent.siyahsapka.org/http://www.debian.org/security/2004/dsa-532http://www.kb.cert.org/vuls/id/303448http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075http://www.osvdb.org/7929http://www.redhat.com/support/errata/RHSA-2004-405.htmlhttp://www.redhat.com/support/errata/RHSA-2004-408.htmlhttp://www.securityfocus.com/bid/10736http://www.ubuntu.com/usn/usn-177-1https://bugzilla.fedora.us/show_bug.cgi?id=1888https://exchange.xforce.ibmcloud.com/vulnerabilities/16705http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857http://marc.info/?l=apache-modssl&m=109001100906749&w=2http://marc.info/?l=bugtraq&m=109005001205991&w=2http://packetstormsecurity.org/0407-advisories/modsslFormat.txthttp://virulent.siyahsapka.org/http://www.debian.org/security/2004/dsa-532http://www.kb.cert.org/vuls/id/303448http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075http://www.osvdb.org/7929http://www.redhat.com/support/errata/RHSA-2004-405.htmlhttp://www.redhat.com/support/errata/RHSA-2004-408.htmlhttp://www.securityfocus.com/bid/10736http://www.ubuntu.com/usn/usn-177-1https://bugzilla.fedora.us/show_bug.cgi?id=1888https://exchange.xforce.ibmcloud.com/vulnerabilities/16705
2004-07-27
Published