CVE-2005-1268 — Off-by-one Error in Apache Http Server

CWE-193 — Off-by-one Error8 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

4.3%

top 11.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Debian Linux Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedAug 5

Latest updateMay 1

Description

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDapache/http_server2.0.35 — 2.0.54

▶NVDredhat/enterprise_linux_server3.0, 4.0+1

▶NVDredhat/enterprise_linux_desktop3.0, 4.0+1

▶NVDredhat/enterprise_linux_workstation3.0, 4.0+1

Also affects: Debian Linux 3.1

Patches

Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-rcfg-8mwj-24g2: Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attacke↗2022-05-01

▶

CVEList

CVE-2005-1268: Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attacke↗2005-08-05

▶

OSV

CVE-2005-1268: Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attacke↗2005-08-05

▶

📋Vendor Advisories

Ubuntu

Apache 2 vulnerabilities↗2005-08-04

▶

Red Hat

security flaw↗2005-06-08

▶

Debian

CVE-2005-1268: apache2 - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification c...↗2005

▶

💬Community

Bugzilla

CVE-2005-1268 security flaw↗2018-08-16

▶