OSVDB ID: 7929

Title: Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String

Dates

Disclosure: Jul 16, 2004
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

The mod_ssl ssl_log function in Apache contains a flaw that may allow an attacker to execute arbitrary messages. The issue is caused by an ssl_log() format string error within the 'mod_proxy' hook functions. The flaw may allow an attacker to execute arbitrary messages via format string specifiers in certain log messages for HTTPS, resulting in a loss of integrity.

Classification

Location: Local Access Required, Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.8.19 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

mod_ssl

mod_ssl

2.8.18

References

Credit

  • virulent - virulentsiyahsapka.org


Direct URL: http://osvdb.org/36218