CVE-2002-0653 — Vulnetix

Try Vulnetix Request Demo

CVE-2002-0653 PUBLISHED CVSS 7.800000190734863 HIGH

Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.

EPSS 1.02% · 77.1th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.02%

77.1th percentile

Affected Products

Vendor	Product	Versions
modssl	mod_ssl	0
n/a	n/a	n/a

Timeline

Jul 11, 2002 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

RHSA-2002:164 vendor-advisory
apache-modssl-htaccess-bo(9415) vdb
RHSA-2003:106 vendor-advisory
CSSA-2002-031.0 vendor-advisory
CLA-2002:504 vendor-advisory
MDKSA-2002:048 vendor-advisory
SuSE-SA:2002:028 vendor-advisory
RHSA-2002:134 vendor-advisory
RHSA-2002:136 vendor-advisory
20020622 Another flaw in Apache? mailing-list
20020628 TSL-2002-0058 - apache/mod_ssl mailing-list
5084 vdb
20020624 Apache mod_ssl off-by-one vulnerability mailing-list
RHSA-2002:135 vendor-advisory
RHSA-2002:146 vendor-advisory
HPSBTL0207-052 vendor-advisory
DSA-135 vendor-advisory
ESA-20020702-017 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2002-0653 advisory

Open in Interactive Console →