Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache-SSL和mod_ssl 安全漏洞
Vulnerability Description
Apache-SSL是美国Apache软件基金会的一个Apache服务器上的SSL实现,用来为Apache Web服务器提供加密支持。它利用OpenSSL来完成SSL实现。mod_ssl是mod_ssl项目的一个Apache服务器上的SSL实现,用来为Apache Web服务器提供加密支持。它利用OpenSSL来完成SSL实现。 mod_ssl 2.8.7-1.3.23之前版本和Apache-SSL 1.3.22+1.46之前版本中的dbm和shm会话缓存代码存在安全漏洞。攻击者可利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A