CVE-2004-0488 — Vulnetix

Try Vulnetix Request Demo

CVE-2004-0488 PUBLISHED CVSS 7.5 HIGH

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

EPSS 62.66% · 98.4th percentile

Risk Scores

CVSS v2.0

7.5

EPSS Score

62.66%

98.4th percentile

Affected Products

Vendor	Product	Versions
apache	http_server	2.0.35
n/a	n/a	n/a
redhat	enterprise_linux_server	2.0
debian	debian_linux	3.0
redhat	enterprise_linux_workstation	2.0

Timeline

Jul 18, 2003 CVE Published
Feb 4, 2022 EPSS Score
May 3, 2022 CVE Updated
May 5, 2023 EPSS Score
Nov 8, 2023 EPSS Score
Mar 17, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Apr 2, 2025 EPSS Score
Apr 3, 2025 EPSS Score
Apr 5, 2025 EPSS Score
Apr 15, 2025 EPSS Score
Apr 22, 2025 EPSS Score

References

2004-0031 vendor-advisory
oval:org.mitre.oval:def:11458 vdb
MDKSA-2004:054 vendor-advisory
RHSA-2004:342 vendor-advisory
RHSA-2004:245 vendor-advisory
GLSA-200406-05 vendor-advisory
20040527 [OpenPKG-SA-2004.026] OpenPKG Security Advisory (apache) mailing-list
RHSA-2004:405 vendor-advisory
SSRT4788 vendor-advisory
20040605-01-U vendor-advisory
RHSA-2005:816 vendor-advisory
SSRT4777 vendor-advisory
20040517 mod_ssl ssl_util_uuencode_binary potential problem mailing-list
10355 vdb
DSA-532 vendor-advisory
FLSA:1888 vendor-advisory
MDKSA-2004:055 vendor-advisory
apache-modssl-uuencode-bo(16214) vdb
20040601 TSSA-2004-008 - apache mailing-list
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list

…and 25 more

Open in Interactive Console →