Searching mod ssl software vulnerabilities

HTTP Server mod_ssl module running on HP-UX 11.

mod_ssl | running | module | Server | HP-UX | HTTP |

HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.


Webmin 0.21 through 1.0 uses the same built-in

Webmin |

Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session.


Apache 2 before 2.0.47, and certain versions of

before | Apache |

Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.


The Microsoft Secure Sockets Layer (SSL) librar

Microsoft | Sockets | Secure | Layer |

The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.


Format string vulnerability in the mod_proxy ho

ssl_engine_logc | vulnerability | functions | mod_proxy | function | mod_ssl | Format | string | before | hook |

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.


mod_ssl in Apache 2.0.50 and earlier allows rem

mod_ssl | Apache |

mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.


The char_buffer_read function in the mod_ssl mo

char_buffer_read | attackers | proxying | function | reverse | mod_ssl | service | allows | remote | denial | Apache | module | server | cause | using | SSL |

The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).


The mod_ssl module in Apache 2.0.35 through 2.0

mod_ssl | Apache | module |

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.


Off-by-one error in the mod_ssl Certificate Rev

Certificate | Revocation | Off-by-one | mod_ssl | error | List |

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.


ssl_engine_kernel.c in mod_ssl before 2.8.24, w

ssl_engine_kernelc | mod_ssl | before |

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.


mod_ssl in Apache 2.0 up to 2.0.55, when config

mod_ssl | Apache |

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.


Cisco CSS 11500 Content Services Switch (CSS) w

Cisco | CSS |

Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation.


Buffer overflow in the SSL-ready version of lin

linux-ftpd | SSL-ready | overflow | version | Buffer |

Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command.


Opera before 9.0 does not reset the SSL securit

SSL-enabled | certificate | facilitates | displaying | untrusted | attackers | download | phishing | security | website | attacks | trusted | remote | allows | before | dialog | reset | Opera | spoof | which | after | does | not | bar | SSL |

Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | mambo-phpshop | inclusion | Multiple | Scroller | modules | Product | Module | remote | other | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php.


ModernBill 5.0.4 and earlier uses cURL with ins

ModernBill |

ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack.


The Kernel SSL Proxy service (svc:/network/ssl/

service | Kernel | Proxy | SSL |

The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before Tuesday, September 26, 2006 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | config[pathMod] | inclusion | attackers | arbitrary | parameter | Multiple | indexphp | execute | earlier | remote | PMECMS | allow | file | code | PHP | via | URL |

Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/.


BEA WebLogic Server 9.0 through 9.2 allows remo

attackers | WebLogic | through | service | denial | remote | Server | allows | cause | BEA |

BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket.


Mail Notification 4.0, when WITH_SSL is set to

Notification | connections | unencrypted | information | configured | sensitive | attackers | accounts | WITH_SSL | sniffing | network | SSL/TLS | compile | remote | obtain | allows | which | uses | time | Mail | set |

Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.


Software vulnerabilities results 1 to 20 of 328     
Page: 12345...17