Apache – CVE-2004-0488

Description

Kayran has detected that the version of Apache HTTP Server being used has the FakeBasicAuth overflow vulnerability.
CVE-2004-0488 is categorized as an ‘Out-of-bounds Write’ vulnerability (CWE-787).
That means that the software writes data past the end, or before the beginning, of the intended buffer.

Typically, this can result in corruption of data, crashes, or code execution.

The flaw is a stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl.
When mod_ssl is configured to trust the issuing CA, it may allow remote attackers to execute arbitrary code by using a client certificate that has a long subject DN.
That will lead to information being disclosed.

There’s a chance that this vulnerability will allow attackers to modify system files and information. Also, it will cause a decrease in performance and interruptions in the availability of resources.
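
The overflow described above comes from encoding a certificate-supplied string into a fixed-size buffer without checking that the output fits. The following is an added illustration of that missing check, not mod_ssl source and not Kayran's code; the function names `encoded_size` and `encode_bounded` are hypothetical, and standard base64 is assumed as the encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Bytes needed to encode srclen input bytes, including the trailing NUL.
 * Returns 0 when the size computation itself would overflow size_t. */
size_t encoded_size(size_t srclen)
{
    size_t groups;

    if (srclen > SIZE_MAX - 2)
        return 0;
    groups = (srclen + 2) / 3;          /* every 3 input bytes become 4 chars */
    if (groups > (SIZE_MAX - 1) / 4)
        return 0;
    return 4 * groups + 1;
}

/* Encode src into dst. Returns 0 on success, or -1 (dst left untouched) when
 * the output would not fit in dstlen bytes. */
int encode_bounded(const unsigned char *src, size_t srclen,
                   char *dst, size_t dstlen)
{
    size_t need = encoded_size(srclen);
    size_t i, o = 0;

    if (need == 0 || need > dstlen)
        return -1;                      /* reject; never truncate or overrun */

    for (i = 0; i + 2 < srclen; i += 3) {
        dst[o++] = B64[src[i] >> 2];
        dst[o++] = B64[((src[i] & 0x03) << 4) | (src[i + 1] >> 4)];
        dst[o++] = B64[((src[i + 1] & 0x0f) << 2) | (src[i + 2] >> 6)];
        dst[o++] = B64[src[i + 2] & 0x3f];
    }
    if (i < srclen) {                   /* 1 or 2 trailing bytes, '=' padded */
        unsigned b1 = (i + 1 < srclen) ? src[i + 1] : 0;
        dst[o++] = B64[src[i] >> 2];
        dst[o++] = B64[((src[i] & 0x03) << 4) | (b1 >> 4)];
        dst[o++] = (i + 1 < srclen) ? B64[(b1 & 0x0f) << 2] : '=';
        dst[o++] = '=';
    }
    dst[o] = '\0';
    return 0;
}
```

A caller that receives -1 should fail the request rather than retry with a truncated subject DN.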

Recommendation

To fix CVE-2004-0488, upgrade the version of Apache HTTP Server being used to 2.0.50.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488

https://cwe.mitre.org/data/definitions/787.html
