CVE-2004-0885
EPSS 6.1%
Description
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
How to fix CVE-2004-0885
To remediate CVE-2004-0885, upgrade the affected package to a fixed version below.
- Debian/apache2—upgrade to 2.0.52-2 or later
Is CVE-2004-0885 being exploited?
Moderate — EPSS is 6.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.0.52-2