CVE-2004-0885 — Apache Http Server vulnerability

8 documents7 sources

Severity

7.5HIGHNVD

EPSS

6.1%

top 9.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedNov 3

Latest updateApr 29

Description

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDapache/http_server18 versions+17

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-xxhg-c875-v6qf: The mod_ssl module in Apache 2↗2022-04-29

▶

OSV

CVE-2004-0885: The mod_ssl module in Apache 2↗2004-11-03

▶

CVEList

CVE-2004-0885: The mod_ssl module in Apache 2↗2004-10-16

▶

📋Vendor Advisories

Red Hat

mod_ssl SSLCipherSuite bypass↗2004-10-05

▶

Debian

CVE-2004-0885: apache2 - The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSui...↗2004

▶

💬Community

Bugzilla

CVE-2004-0885 mod_ssl SSLCipherSuite bypass↗2008-01-29

▶

Bugzilla

CVE-2004-0488 mod_ssl flaws (CVE-2004-0885 CVE-2005-2700)↗2005-10-25

▶