CVE-2004-0700

5 documents5 sources
Severity
7.5HIGH
EPSS
31.7%
top 3.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Gentoo LinuxMOD SSL MOD SSL
Timeline
PublishedJul 27
Latest updateApr 29

Description

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDgentoo/linux1.4
NVDmod_ssl/mod_ssl43 versions+42

🔴Vulnerability Details

2
GHSA
GHSA-mm6m-9rf6-5j2q: Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log2022-04-29
CVEList
CVE-2004-0700: Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log2004-07-21

📋Vendor Advisories

1
Red Hat
mod_proxy hook format string2004-07-16

💬Community

1
Bugzilla
CVE-2004-0700 mod_proxy hook format string2008-01-30
CVE-2004-0700 (HIGH CVSS 7.5) | Format string vulnerability in the | cvebase.io