CVE-2004-0885 Information
Share on:Description
The mod_ssl module in Apache 2.0.35 through 2.0.52 when using the \SSLCipherSuite\ directive in directory or location context allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
Reference
http://issues.apache.org/bugzilla/show_bug.cgi?id=31505 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://marc.info/?l=bugtraq&m=109786159119069&w=2 http://secunia.com/advisories/19072 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.apacheweek.com/features/security-20 http://www.redhat.com/support/errata/RHSA-2004-562.html http://www.redhat.com/support/errata/RHSA-2004-600.html http://www.redhat.com/support/errata/RHSA-2005-816.html http://www.redhat.com/support/errata/RHSA-2008-0261.html http://www.securityfocus.com/bid/11360 http://www.ubuntu.com/usn/usn-177-1 http://www.vupen.com/english/advisories/2006/0789 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123 https://exchange.xforce.ibmcloud.com/vulnerabilities/17671 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@3Ccvs.httpd.apache.org3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@3Ccvs.httpd.apache.org3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@3Ccvs.httpd.apache.org3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@3Ccvs.httpd.apache.org3E https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10384