CVE-2004-0885
Last modified
CVE-2004-0885 is a vulnerability of currently unknown severity. The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.. EPSS estimates a 13.84% chance of exploitation in the next 30 days.
Description
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | 2.0.35 |
| Apache | Http Server | 2.0.36 |
| Apache | Http Server | 2.0.37 |
| Apache | Http Server | 2.0.38 |
| Apache | Http Server | 2.0.39 |
| Apache | Http Server | 2.0.40 |
| Apache | Http Server | 2.0.41 |
| Apache | Http Server | 2.0.42 |
| Apache | Http Server | 2.0.43 |
| Apache | Http Server | 2.0.44 |
| Apache | Http Server | 2.0.45 |
| Apache | Http Server | 2.0.46 |
| Apache | Http Server | 2.0.47 |
| Apache | Http Server | 2.0.48 |
| Apache | Http Server | 2.0.49 |
| Apache | Http Server | 2.0.50 |
| Apache | Http Server | 2.0.51 |
| Apache | Http Server | 2.0.52 |
References
- http://www.redhat.com/support/errata/RHSA-2004-600.htmlPatch, Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2004-600.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2004-0885?
How severe is CVE-2004-0885?
How do I fix CVE-2004-0885?
Are you affected by CVE-2004-0885?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST