CVE-2004-0885 : The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSui

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

Published 2004-11-03 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2004-0885

Apache » Http Server » Version: 2.0.35
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.36
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.39
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.37
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.38
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.42
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.40
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.41
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.43
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.44
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.45
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.46
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.47
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.48
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.49
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.50
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.51
cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.52
cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2004-0885

Top countries where our scanners detected CVE-2004-0885

Top open port discovered on systems with this issue 7547

IPs affected by CVE-2004-0885 98,019

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2004-0885!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2004-0885

EPSS FAQ

6.91%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0885

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

Vendor statements for CVE-2004-0885

Apache 2008-07-02

Fixed in Apache HTTP Server 2.0.53: http://httpd.apache.org/security/vulnerabilities_20.html

References for CVE-2004-0885

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_

CVEs referencing this url
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E

Apache Mail Archives

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2004-600.html

Support
Patch;Vendor Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E

svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ - Pony Mail

CVEs referencing this url
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E

svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-Apache Mail Archives

CVEs referencing this url
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E

svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s

CVEs referencing this url
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E

CVEs referencing this url
http://www.ubuntu.com/usn/usn-177-1

USN-177-1: Apache 2 vulnerabilities | Ubuntu security notices | Ubuntu

CVEs referencing this url
http://marc.info/?l=bugtraq&m=109786159119069&w=2

'[OpenPKG-SA-2004.044] OpenPKG Security Advisory (modssl)' - MARC
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2005-816.html

Support

CVEs referencing this url
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E

svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ - Pony Mail

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10384

404 Not Found
http://www.redhat.com/support/errata/RHSA-2004-562.html

Support

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/0789

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E

CVEs referencing this url
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123

CVEs referencing this url
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E

CVEs referencing this url
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E

svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_

CVEs referencing this url
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E

svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2

CVEs referencing this url
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-Apache Mail Archives

CVEs referencing this url
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E

Pony Mail!

CVEs referencing this url
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_

CVEs referencing this url
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E

svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_

CVEs referencing this url
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E

svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/-Apache Mail Archives

CVEs referencing this url
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/-Apache Mail Archives

CVEs referencing this url
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E

svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_

CVEs referencing this url
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/17671
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s

CVEs referencing this url
http://issues.apache.org/bugzilla/show_bug.cgi?id=31505

31505 – SSLCipherSuite can be bypassed during renegotiation
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E

svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_

CVEs referencing this url
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

CVEs referencing this url
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_

CVEs referencing this url
http://www.apacheweek.com/features/security-20

Apache HTTP Server 2.0 vulnerabilities - The Apache HTTP Server Project

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-0261.html

Support

CVEs referencing this url
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-Apache Mail Archives

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

CVEs referencing this url
http://www.securityfocus.com/bid/11360
http://secunia.com/advisories/19072

About Secunia Research | Flexera

CVEs referencing this url