Apache-SSL ExpandCert() Environment Variable Overwrite Vulnerability

Apache-SSL ExpandCert() Environment Variable Overwrite Vulnerability

Rated as : Low Risk Remotely Exploitable : YesLocally Exploitable : YesRelease Date : 2008-04-03

A vulnerability has been identified in Apache-SSL, which could be exploited by attackers to bypass security restrictions and disclose sensitive information. This issue is caused by an error in the "ExpandCert()" function when handling client certificates, which could be exploited by attackers to overwrite environment variables and disclose memory data by manipulating the relative distinguished name in a certificate.CreditsVulnerability reported by Alexander Klink (Cynops GmbH).

Döküman Arama

Başlık :

Kapat