CVE-2008-1678
apache2 - denial of service (memory leak in mod_ssl)
EPSS 9.8%
Description
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
How to fix CVE-2008-1678
To remediate CVE-2008-1678, upgrade the affected package to a fixed version below.
- Debian/apache2—upgrade to 2.2.8-4 or later
- Debian/apache2—upgrade to 2.2.8-4~lenny1 or later
Is CVE-2008-1678 being exploited?
Moderate — EPSS is 9.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 2.2.8-4
- from 0, < 2.2.8-4~lenny1