CVE-2004-0488
libapache-mod-ssl - several vulnerabilities
EPSS 62.7%
Description
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
How to fix CVE-2004-0488
To remediate CVE-2004-0488, upgrade the affected package to a fixed version below.
- Debian/apache2—upgrade to 2.0.50-1 or later
- Debian/libapache-mod-ssl—upgrade to 2.8.9-2.4 or later
Is CVE-2004-0488 being exploited?
Likely — EPSS is 62.7%, placing CVE-2004-0488 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 2.0.50-1
- from 0, < 2.8.9-2.4