Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
mod_ssl 安全漏洞
Vulnerability Description
mod_ssl是mod_ssl(Mod_ssl)项目的一个Apache服务器上的SSL实现,用来为Apache Web服务器提供加密支持。它利用OpenSSL来完成SSL实现。 mod_ssl存在安全漏洞。该漏洞源于Apache中的mod_ssl证书废除列表(CRL)验证回调中存在off-by-one错误。当配置使用CRL时,使得远程攻击者可以借助于CRL(其造成空字节缓冲区溢出)造成拒绝服务(子进程崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A