CVE-2002-0082
CVE-2002-0082 is a vulnerability of currently unknown severity. The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. EPSS estimates a 29.88% chance of exploitation in the next 30 days.
Description
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache-SSL | Apache-SSL | 1.40 |
| Apache-SSL | Apache-SSL | 1.41 |
| Apache-SSL | Apache-SSL | 1.42 |
| Apache-SSL | Apache-SSL | 1.44 |
| Apache-SSL | Apache-SSL | 1.45 |
| Apache-SSL | Apache-SSL | 1.46 |
| mod_ssl | mod_ssl | 2.7.1 |
| mod_ssl | mod_ssl | 2.8 |
| mod_ssl | mod_ssl | 2.8.1 |
| mod_ssl | mod_ssl | 2.8.2 |
| mod_ssl | mod_ssl | 2.8.3 |
| mod_ssl | mod_ssl | 2.8.4 |
| mod_ssl | mod_ssl | 2.8.5 |
| mod_ssl | mod_ssl | 2.8.6 |
References
- http://www.iss.net/security_center/static/8308.php (Patch, Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
