Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-0700

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Jul, 2004 | 04:00
Updated At-08 Aug, 2024 | 00:24
Rejected At-
Credits

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Jul, 2004 | 04:00
Updated At:08 Aug, 2024 | 00:24
Rejected At:
▼CVE Numbering Authority (CNA)

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://virulent.siyahsapka.org/
x_refsource_MISC
http://www.osvdb.org/7929
vdb-entry
x_refsource_OSVDB
http://www.ubuntu.com/usn/usn-177-1
vendor-advisory
x_refsource_UBUNTU
http://www.securityfocus.com/bid/10736
vdb-entry
x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2004-405.html
vendor-advisory
x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/16705
vdb-entry
x_refsource_XF
http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
x_refsource_MISC
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857
vendor-advisory
x_refsource_CONECTIVA
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075
vendor-advisory
x_refsource_MANDRAKE
http://www.debian.org/security/2004/dsa-532
vendor-advisory
x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2004-408.html
vendor-advisory
x_refsource_REDHAT
https://bugzilla.fedora.us/show_bug.cgi?id=1888
vendor-advisory
x_refsource_FEDORA
http://marc.info/?l=apache-modssl&m=109001100906749&w=2
mailing-list
x_refsource_MLIST
http://www.kb.cert.org/vuls/id/303448
third-party-advisory
x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=109005001205991&w=2
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://virulent.siyahsapka.org/
Resource:
x_refsource_MISC
Hyperlink: http://www.osvdb.org/7929
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.ubuntu.com/usn/usn-177-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.securityfocus.com/bid/10736
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-405.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/16705
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
Resource:
x_refsource_MISC
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://www.debian.org/security/2004/dsa-532
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-408.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://bugzilla.fedora.us/show_bug.cgi?id=1888
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://marc.info/?l=apache-modssl&m=109001100906749&w=2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.kb.cert.org/vuls/id/303448
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://marc.info/?l=bugtraq&m=109005001205991&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://virulent.siyahsapka.org/
x_refsource_MISC
x_transferred
http://www.osvdb.org/7929
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.ubuntu.com/usn/usn-177-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.securityfocus.com/bid/10736
vdb-entry
x_refsource_BID
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-405.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/16705
vdb-entry
x_refsource_XF
x_transferred
http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
x_refsource_MISC
x_transferred
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://www.debian.org/security/2004/dsa-532
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-408.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://bugzilla.fedora.us/show_bug.cgi?id=1888
vendor-advisory
x_refsource_FEDORA
x_transferred
http://marc.info/?l=apache-modssl&m=109001100906749&w=2
mailing-list
x_refsource_MLIST
x_transferred
http://www.kb.cert.org/vuls/id/303448
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://marc.info/?l=bugtraq&m=109005001205991&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://virulent.siyahsapka.org/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.osvdb.org/7929
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-177-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.securityfocus.com/bid/10736
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-405.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/16705
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-532
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-408.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.fedora.us/show_bug.cgi?id=1888
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://marc.info/?l=apache-modssl&m=109001100906749&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/303448
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=109005001205991&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Jul, 2004 | 04:00
Updated At:03 Apr, 2025 | 01:03

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
mod_ssl
mod_ssl
>>mod_ssl>>2.3.11
cpe:2.3:a:mod_ssl:mod_ssl:2.3.11:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.4.0
cpe:2.3:a:mod_ssl:mod_ssl:2.4.0:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.4.1
cpe:2.3:a:mod_ssl:mod_ssl:2.4.1:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.4.2
cpe:2.3:a:mod_ssl:mod_ssl:2.4.2:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.4.3
cpe:2.3:a:mod_ssl:mod_ssl:2.4.3:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.4.4
cpe:2.3:a:mod_ssl:mod_ssl:2.4.4:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.4.5
cpe:2.3:a:mod_ssl:mod_ssl:2.4.5:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.4.6
cpe:2.3:a:mod_ssl:mod_ssl:2.4.6:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.4.7
cpe:2.3:a:mod_ssl:mod_ssl:2.4.7:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.4.8
cpe:2.3:a:mod_ssl:mod_ssl:2.4.8:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.4.9
cpe:2.3:a:mod_ssl:mod_ssl:2.4.9:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.4.10
cpe:2.3:a:mod_ssl:mod_ssl:2.4.10:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.5.0
cpe:2.3:a:mod_ssl:mod_ssl:2.5.0:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.5.1
cpe:2.3:a:mod_ssl:mod_ssl:2.5.1:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.6.0
cpe:2.3:a:mod_ssl:mod_ssl:2.6.0:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.6.1
cpe:2.3:a:mod_ssl:mod_ssl:2.6.1:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.6.2
cpe:2.3:a:mod_ssl:mod_ssl:2.6.2:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.6.3
cpe:2.3:a:mod_ssl:mod_ssl:2.6.3:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.6.4
cpe:2.3:a:mod_ssl:mod_ssl:2.6.4:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.6.5
cpe:2.3:a:mod_ssl:mod_ssl:2.6.5:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.6.6
cpe:2.3:a:mod_ssl:mod_ssl:2.6.6:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.7.0
cpe:2.3:a:mod_ssl:mod_ssl:2.7.0:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.7.1
cpe:2.3:a:mod_ssl:mod_ssl:2.7.1:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.0
cpe:2.3:a:mod_ssl:mod_ssl:2.8.0:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.1
cpe:2.3:a:mod_ssl:mod_ssl:2.8.1:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.1.2
cpe:2.3:a:mod_ssl:mod_ssl:2.8.1.2:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.2
cpe:2.3:a:mod_ssl:mod_ssl:2.8.2:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.3
cpe:2.3:a:mod_ssl:mod_ssl:2.8.3:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.4
cpe:2.3:a:mod_ssl:mod_ssl:2.8.4:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.5
cpe:2.3:a:mod_ssl:mod_ssl:2.8.5:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.5.1
cpe:2.3:a:mod_ssl:mod_ssl:2.8.5.1:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.5.2
cpe:2.3:a:mod_ssl:mod_ssl:2.8.5.2:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.6
cpe:2.3:a:mod_ssl:mod_ssl:2.8.6:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.7
cpe:2.3:a:mod_ssl:mod_ssl:2.8.7:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.8
cpe:2.3:a:mod_ssl:mod_ssl:2.8.8:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.9
cpe:2.3:a:mod_ssl:mod_ssl:2.8.9:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.10
cpe:2.3:a:mod_ssl:mod_ssl:2.8.10:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.12
cpe:2.3:a:mod_ssl:mod_ssl:2.8.12:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.14
cpe:2.3:a:mod_ssl:mod_ssl:2.8.14:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.15
cpe:2.3:a:mod_ssl:mod_ssl:2.8.15:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.16
cpe:2.3:a:mod_ssl:mod_ssl:2.8.16:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.17
cpe:2.3:a:mod_ssl:mod_ssl:2.8.17:*:*:*:*:*:*:*
mod_ssl
mod_ssl
>>mod_ssl>>2.8.18
cpe:2.3:a:mod_ssl:mod_ssl:2.8.18:*:*:*:*:*:*:*
Gentoo Foundation, Inc.
gentoo
>>linux>>1.4
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857cve@mitre.org
N/A
http://marc.info/?l=apache-modssl&m=109001100906749&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=109005001205991&w=2cve@mitre.org
N/A
http://packetstormsecurity.org/0407-advisories/modsslFormat.txtcve@mitre.org
N/A
http://virulent.siyahsapka.org/cve@mitre.org
N/A
http://www.debian.org/security/2004/dsa-532cve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/303448cve@mitre.org
Third Party Advisory
US Government Resource
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075cve@mitre.org
N/A
http://www.osvdb.org/7929cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-405.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-408.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/10736cve@mitre.org
N/A
http://www.ubuntu.com/usn/usn-177-1cve@mitre.org
N/A
https://bugzilla.fedora.us/show_bug.cgi?id=1888cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/16705cve@mitre.org
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=apache-modssl&m=109001100906749&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=109005001205991&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://packetstormsecurity.org/0407-advisories/modsslFormat.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
http://virulent.siyahsapka.org/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2004/dsa-532af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/303448af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/7929af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-405.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-408.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/10736af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/usn-177-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.fedora.us/show_bug.cgi?id=1888af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/16705af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=apache-modssl&m=109001100906749&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=109005001205991&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://virulent.siyahsapka.org/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-532
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/303448
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/7929
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-405.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-408.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/10736
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-177-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.fedora.us/show_bug.cgi?id=1888
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/16705
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000857
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=apache-modssl&m=109001100906749&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=109005001205991&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://virulent.siyahsapka.org/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-532
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/303448
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:075
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/7929
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-405.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-408.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/10736
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-177-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.fedora.us/show_bug.cgi?id=1888
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/16705
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

28Records found
CVE-2002-0082
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.51% / 84.75%
||
7 Day CHG-1.21%
Published-25 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Action-Not Available
Vendor-apache-sslmod_ssln/a
Product-mod_sslapache-ssln/a
CVE-2004-1737
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.85% / 87.73%
||
7 Day CHG~0.00%
Published-26 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

Action-Not Available
Vendor-n/aGentoo Foundation, Inc.The Cacti Group, Inc.
Product-linuxcactin/a
CVE-2004-0432
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.23% / 78.37%
||
7 Day CHG~0.00%
Published-05 May, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.

Action-Not Available
Vendor-proftpd_projecttrustixn/aGentoo Foundation, Inc.
Product-linuxsecure_linuxproftpdn/a
CVE-2004-1161
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.73% / 88.98%
||
7 Day CHG~0.00%
Published-10 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.

Action-Not Available
Vendor-rsshn/aGentoo Foundation, Inc.
Product-rsshlinuxn/a
CVE-2004-0419
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.80% / 85.53%
||
7 Day CHG~0.00%
Published-03 Jun, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.

Action-Not Available
Vendor-xfree86_projectn/aGentoo Foundation, Inc.X.Org Foundation
Product-xdmx11r6linuxn/a
CVE-2005-0535
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.87% / 74.32%
||
7 Day CHG~0.00%
Published-24 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.

Action-Not Available
Vendor-n/aWikimedia FoundationGentoo Foundation, Inc.
Product-linuxmediawikin/a
CVE-2005-0206
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.53% / 90.73%
||
7 Day CHG~0.00%
Published-15 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

Action-Not Available
Vendor-easy_software_productsasciicstexxpdfpdftohtmltetexn/aThe GNOME ProjectUbuntuKDEGentoo Foundation, Inc.SUSESilicon Graphics, Inc.Debian GNU/LinuxRed Hat, Inc.Mandriva (Mandrakesoft)
Product-tetexxpdfubuntu_linuxkdecstetexdebian_linuxlinuxptexlinux_advanced_workstationpropackcupskofficegpdfmandrake_linux_corporate_serverenterprise_linux_desktopsuse_linuxkpdfadvanced_linux_environmentpdftohtmlfedora_coreenterprise_linuxn/a
CVE-2005-0005
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.50% / 87.13%
||
7 Day CHG~0.00%
Published-19 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

Action-Not Available
Vendor-n/aSilicon Graphics, Inc.Debian GNU/LinuxGentoo Foundation, Inc.GraphicsMagickSUSEImageMagick Studio LLC
Product-propackgraphicsmagicksuse_linuxdebian_linuximagemagicklinuxn/a
CVE-2004-1175
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 75.40%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-1307
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.11% / 89.44%
||
7 Day CHG~0.00%
Published-04 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Action-Not Available
Vendor-conectivascon/aLibTIFFGentoo Foundation, Inc.Silicon Graphics, Inc.Avaya LLCF5, Inc.Apple Inc.Sun Microsystems (Oracle Corporation)Mandriva (Mandrakesoft)
Product-cvlanmn100libtiffintegrated_managementicontrol_service_managermac_os_xlinuxintuity_audix_lxpropackmandrake_linux_corporate_serversolarisinteractive_responseunixwaremac_os_x_servermodular_messaging_message_storage_serversunoscall_management_system_servermandrake_linuxn/a
CVE-2004-1162
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.93%
||
7 Day CHG~0.00%
Published-10 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags.

Action-Not Available
Vendor-scponlyn/aGentoo Foundation, Inc.
Product-scponlylinuxn/a
CVE-2004-1176
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.21% / 83.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-0224
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.69% / 87.45%
||
7 Day CHG~0.00%
Published-16 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."

Action-Not Available
Vendor-inter7double_precision_incorporatedn/aGentoo Foundation, Inc.
Product-courier_mtalinuxcourier-imapsqwebmailn/a
CVE-2004-0932
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-43.59% / 97.43%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Action-Not Available
Vendor-eset_softwarearchive_ziprav_antivirusn/aBroadcom Inc.Kaspersky LabCA Technologies (Broadcom Inc.)Gentoo Foundation, Inc.SUSESophos Ltd.McAfee, LLCMandriva (Mandrakesoft)
Product-etrust_secure_content_manageretrust_ez_armornod32_antivirussophos_puremessage_anti-virusrav_antivirus_for_file_serversetrust_ez_antivirusarchive_zipbrightstor_arcserve_backupetrust_intrusion_detectionetrust_antiviruslinuxkaspersky_anti-virussophos_anti-virusrav_antivirus_desktopinoculateitsophos_small_business_suiteetrust_antivirus_gatewayrav_antivirus_for_mail_serverssuse_linuxantivirus_enginemandrake_linuxn/a
CVE-2004-0937
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.20% / 93.87%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Action-Not Available
Vendor-eset_softwarearchive_ziprav_antivirusn/aBroadcom Inc.Kaspersky LabCA Technologies (Broadcom Inc.)Gentoo Foundation, Inc.SUSESophos Ltd.McAfee, LLCMandriva (Mandrakesoft)
Product-etrust_secure_content_manageretrust_ez_armornod32_antivirussophos_puremessage_anti-virusrav_antivirus_for_file_serversetrust_ez_antivirusarchive_zipbrightstor_arcserve_backupetrust_intrusion_detectionetrust_antiviruslinuxkaspersky_anti-virussophos_anti-virusrav_antivirus_desktopinoculateitsophos_small_business_suiteetrust_antivirus_gatewayrav_antivirus_for_mail_serverssuse_linuxantivirus_enginemandrake_linuxn/a
CVE-2004-1004
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 75.40%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-0936
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.20% / 93.87%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Action-Not Available
Vendor-eset_softwarearchive_ziprav_antivirusn/aBroadcom Inc.Kaspersky LabCA Technologies (Broadcom Inc.)Gentoo Foundation, Inc.SUSESophos Ltd.McAfee, LLCMandriva (Mandrakesoft)
Product-etrust_secure_content_manageretrust_ez_armornod32_antivirussophos_puremessage_anti-virusrav_antivirus_for_file_serversetrust_ez_antivirusarchive_zipbrightstor_arcserve_backupetrust_intrusion_detectionetrust_antiviruslinuxkaspersky_anti-virussophos_anti-virusrav_antivirus_desktopinoculateitsophos_small_business_suiteetrust_antivirus_gatewayrav_antivirus_for_mail_serverssuse_linuxantivirus_enginemandrake_linuxn/a
CVE-2004-0500
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.26% / 86.64%
||
7 Day CHG~0.00%
Published-02 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.

Action-Not Available
Vendor-rob_flynnn/aGentoo Foundation, Inc.Mandriva (Mandrakesoft)
Product-linuxgaimmandrake_linuxn/a
CVE-2004-0934
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-39.95% / 97.22%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Action-Not Available
Vendor-eset_softwarearchive_ziprav_antivirusn/aBroadcom Inc.Kaspersky LabCA Technologies (Broadcom Inc.)Gentoo Foundation, Inc.SUSESophos Ltd.McAfee, LLCMandriva (Mandrakesoft)
Product-etrust_secure_content_manageretrust_ez_armornod32_antivirussophos_puremessage_anti-virusrav_antivirus_for_file_serversetrust_ez_antivirusarchive_zipbrightstor_arcserve_backupetrust_intrusion_detectionetrust_antiviruslinuxkaspersky_anti-virussophos_anti-virusrav_antivirus_desktopinoculateitsophos_small_business_suiteetrust_antivirus_gatewayrav_antivirus_for_mail_serverssuse_linuxantivirus_enginemandrake_linuxn/a
CVE-2004-0933
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-30.03% / 96.49%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Action-Not Available
Vendor-eset_softwarearchive_ziprav_antivirusn/aBroadcom Inc.Kaspersky LabCA Technologies (Broadcom Inc.)Gentoo Foundation, Inc.SUSESophos Ltd.McAfee, LLCMandriva (Mandrakesoft)
Product-etrust_secure_content_manageretrust_ez_armornod32_antivirussophos_puremessage_anti-virusrav_antivirus_for_file_serversetrust_ez_antivirusarchive_zipbrightstor_arcserve_backupetrust_intrusion_detectionetrust_antiviruslinuxkaspersky_anti-virussophos_anti-virusrav_antivirus_desktopinoculateitsophos_small_business_suiteetrust_antivirus_gatewayrav_antivirus_for_mail_serverssuse_linuxantivirus_enginemandrake_linuxn/a
CVE-2004-0935
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.20% / 93.87%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Action-Not Available
Vendor-eset_softwarearchive_ziprav_antivirusn/aBroadcom Inc.Kaspersky LabCA Technologies (Broadcom Inc.)Gentoo Foundation, Inc.SUSESophos Ltd.McAfee, LLCMandriva (Mandrakesoft)
Product-etrust_secure_content_manageretrust_ez_armornod32_antivirussophos_puremessage_anti-virusrav_antivirus_for_file_serversetrust_ez_antivirusarchive_zipbrightstor_arcserve_backupetrust_intrusion_detectionetrust_antiviruslinuxkaspersky_anti-virussophos_anti-virusrav_antivirus_desktopinoculateitsophos_small_business_suiteetrust_antivirus_gatewayrav_antivirus_for_mail_serverssuse_linuxantivirus_enginemandrake_linuxn/a
CVE-2004-0746
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 80.31%
||
7 Day CHG~0.00%
Published-14 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

Action-Not Available
Vendor-n/aKDEGentoo Foundation, Inc.SUSEMandriva (Mandrakesoft)
Product-kdekonquerorsuse_linuxlinuxmandrake_linuxn/a
CVE-2005-0754
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.28% / 84.03%
||
7 Day CHG~0.00%
Published-24 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-conectivan/aUbuntuKDEGentoo Foundation, Inc.Red Hat, Inc.
Product-ubuntu_linuxquantakdefedora_corelinuxn/a
CVE-2004-1096
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-20.25% / 95.30%
||
7 Day CHG~0.00%
Published-01 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Action-Not Available
Vendor-eset_softwarerav_antivirusn/aBroadcom Inc.Kaspersky LabCA Technologies (Broadcom Inc.)Gentoo Foundation, Inc.SUSESophos Ltd.McAfee, LLCMandriva (Mandrakesoft)
Product-etrust_secure_content_manageretrust_ez_armornod32_antivirussophos_puremessage_anti-virusrav_antivirus_for_file_serversetrust_ez_antivirusbrightstor_arcserve_backupetrust_intrusion_detectionetrust_antiviruslinuxkaspersky_anti-virussophos_anti-virusrav_antivirus_desktopinoculateitsophos_small_business_suiteetrust_antivirus_gatewayrav_antivirus_for_mail_serverssuse_linuxantivirus_enginemandrake_linuxn/a
CVE-2004-1005
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.25%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2002-1157
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.45% / 87.05%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.

Action-Not Available
Vendor-mod_ssln/a
Product-mod_ssln/a
CVE-2007-4137
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.55% / 87.23%
||
7 Day CHG~0.00%
Published-18 Sep, 2007 | 19:00
Updated-07 Aug, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.

Action-Not Available
Vendor-trolltechconectivan/aGentoo Foundation, Inc.Mandriva (Mandrakesoft)Red Hat, Inc.Ubuntu
Product-ubuntu_linuxqtenterprise_linuxlinuxmandrake_linuxmandrake_linux_corporate_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-0681
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.88% / 93.77%
||
7 Day CHG~0.00%
Published-18 Sep, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

Action-Not Available
Vendor-sendmailturbolinuxn/aNetBSDGentoo Foundation, Inc.IBM CorporationOpenBSDApple Inc.HP Inc.
Product-sendmailnetbsdhp-uxopenbsdadvanced_message_serversendmail_switchaixturbolinux_servermac_os_x_servermac_os_xturbolinux_workstationlinuxturbolinux_advanced_serversendmail_pron/a
Details not found