CVE-2002-0653
moderate-risk
Published 2002-07-11
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
Do I need to act?
EPSS score: 1.0% chance of exploitation in next 30 days (moderate exploit probability)
CISA KEV: Not on CISA KEV list. No confirmed active exploitation reported to CISA
Public exploits: 1 public exploit available
Patch status: unknown. Check vendor advisories for fix availability and mitigation guidance
CVSS 7.8/10 · High · LOCAL / LOW complexity
Affected Products (1)
Affected Vendors
References (36)
Mailing List: http://marc.info/?l=bugtraq&m=102513970919836&w=2
Mailing List: http://marc.info/?l=bugtraq&m=102563469326072&w=2
Mailing List: http://marc.info/?l=vuln-dev&m=102477330617604&w=2
Broken Link: http://rhn.redhat.com/errata/RHSA-2002-164.html
Broken Link: http://www.debian.org/security/2002/dsa-135
Broken Link: http://www.securityfocus.com/bid/5084
and 16 more references
Risk score: 39 / 100 · moderate-risk
Severity: 24/34 · High
Exploitability: 10/34 · Low
Exposure: 5/34 · Minimal