Vulnerability Details : CVE-2004-0700
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
Products affected by CVE-2004-0700
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.15:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.17:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.18:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.9:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0700
90.92%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0700
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2004-0700
-
https://bugzilla.fedora.us/show_bug.cgi?id=1888
-
http://www.redhat.com/support/errata/RHSA-2004-405.html
Support
-
http://www.ubuntu.com/usn/usn-177-1
USN-177-1: Apache 2 vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.kb.cert.org/vuls/id/303448
Third Party Advisory;US Government Resource
-
http://www.redhat.com/support/errata/RHSA-2004-408.html
-
http://marc.info/?l=bugtraq&m=109005001205991&w=2
-
http://www.securityfocus.com/bid/10736
-
http://marc.info/?l=apache-modssl&m=109001100906749&w=2
-
http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
-
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/16705
-
http://virulent.siyahsapka.org/
-
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857
-
http://www.debian.org/security/2004/dsa-532
Debian -- The Universal Operating System
Jump to