CVE-2002-0082 - Vulnerability Details

Vendors	Products
Apache-ssl	Apache-ssl
Mod Ssl	Mod Ssl
Redhat	Linux Secure Web Server Stronghold

Package	CPE	Advisory	Released Date
Red Hat Linux 7.0
	cpe:/o:redhat:linux:7.0	RHSA-2002:041	2002-03-08T00:00:00Z
Red Hat Linux 7.1
	cpe:/o:redhat:linux:7.1	RHSA-2002:041	2002-03-08T00:00:00Z
Red Hat Linux 7.2
	cpe:/o:redhat:linux:7.2	RHSA-2002:041	2002-03-08T00:00:00Z
Red Hat Secure Web Server 3.2
	cpe:/a:redhat:secure_web_server:3.2	RHSA-2002:042	2002-03-18T00:00:00Z
Red Hat Stronghold 3
	cpe:/a:redhat:stronghold:3	RHSA-2002:045	2002-03-07T00:00:00Z

Link	Providers
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465
http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml
http://marc.info/?l=bugtraq&m=101518491916936&w=2
http://marc.info/?l=bugtraq&m=101528358424306&w=2
http://online.securityfocus.com/archive/1/258646
http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html
http://www.apacheweek.com/issues/02-03-01#security
http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt
http://www.debian.org/security/2002/dsa-120
http://www.iss.net/security_center/static/8308.php
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php
http://www.linuxsecurity.com/advisories/other_advisory-1923.html
http://www.redhat.com/support/errata/RHSA-2002-041.html
http://www.redhat.com/support/errata/RHSA-2002-042.html
http://www.redhat.com/support/errata/RHSA-2002-045.html
http://www.securityfocus.com/advisories/3965
http://www.securityfocus.com/advisories/4008
http://www.securityfocus.com/bid/4189
https://nvd.nist.gov/vuln/detail/CVE-2002-0082
https://www.cve.org/CVERecord?id=CVE-2002-0082

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-09T16:06:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "CSSA-2002-011.0", "tags": ["vendor-advisory", "x_refsource_CALDERA"], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt"}, {"name": "4189", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4189"}, {"name": "RHSA-2002:045", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-045.html"}, {"name": "HPSBUX0204-190", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/advisories/4008"}, {"name": "20020301 Apache-SSL buffer overflow (fix available)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=101518491916936&w=2"}, {"name": "20020227 mod_ssl Buffer Overflow Condition (Update Available)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/258646"}, {"name": "MDKSA-2002:020", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php"}, {"name": "ESA-20020301-005", "tags": ["vendor-advisory", "x_refsource_ENGARDE"], "url": "http://www.linuxsecurity.com/advisories/other_advisory-1923.html"}, {"name": "20020304 Apache-SSL 1.3.22+1.47 - update to security fix", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=101528358424306&w=2"}, {"name": "RHSA-2002:042", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-042.html"}, {"name": "apache-modssl-bo(8308)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8308.php"}, {"name": "RHSA-2002:041", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-041.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.apacheweek.com/issues/02-03-01#security"}, {"name": "SSRT0817", "tags": ["vendor-advisory", "x_refsource_COMPAQ"], "url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml"}, {"name": "CLA-2002:465", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465"}, {"name": "HPSBTL0203-031", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/advisories/3965"}, {"name": "DSA-120", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2002/dsa-120"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0082", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "CSSA-2002-011.0", "refsource": "CALDERA", "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt"}, {"name": "4189", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4189"}, {"name": "RHSA-2002:045", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-045.html"}, {"name": "HPSBUX0204-190", "refsource": "HP", "url": "http://www.securityfocus.com/advisories/4008"}, {"name": "20020301 Apache-SSL buffer overflow (fix available)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=101518491916936&w=2"}, {"name": "20020227 mod_ssl Buffer Overflow Condition (Update Available)", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/258646"}, {"name": "MDKSA-2002:020", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php"}, {"name": "ESA-20020301-005", "refsource": "ENGARDE", "url": "http://www.linuxsecurity.com/advisories/other_advisory-1923.html"}, {"name": "20020304 Apache-SSL 1.3.22+1.47 - update to security fix", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=101528358424306&w=2"}, {"name": "RHSA-2002:042", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-042.html"}, {"name": "apache-modssl-bo(8308)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8308.php"}, {"name": "RHSA-2002:041", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-041.html"}, {"name": "http://www.apacheweek.com/issues/02-03-01#security", "refsource": "CONFIRM", "url": "http://www.apacheweek.com/issues/02-03-01#security"}, {"name": "SSRT0817", "refsource": "COMPAQ", "url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml"}, {"name": "CLA-2002:465", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465"}, {"name": "HPSBTL0203-031", "refsource": "HP", "url": "http://www.securityfocus.com/advisories/3965"}, {"name": "DSA-120", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-120"}, {"name": "http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:35:17.584Z"}, "title": "CVE Program Container", "references": [{"name": "CSSA-2002-011.0", "tags": ["vendor-advisory", "x_refsource_CALDERA", "x_transferred"], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt"}, {"name": "4189", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/4189"}, {"name": "RHSA-2002:045", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2002-045.html"}, {"name": "HPSBUX0204-190", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/advisories/4008"}, {"name": "20020301 Apache-SSL buffer overflow (fix available)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=101518491916936&w=2"}, {"name": "20020227 mod_ssl Buffer Overflow Condition (Update Available)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://online.securityfocus.com/archive/1/258646"}, {"name": "MDKSA-2002:020", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php"}, {"name": "ESA-20020301-005", "tags": ["vendor-advisory", "x_refsource_ENGARDE", "x_transferred"], "url": "http://www.linuxsecurity.com/advisories/other_advisory-1923.html"}, {"name": "20020304 Apache-SSL 1.3.22+1.47 - update to security fix", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=101528358424306&w=2"}, {"name": "RHSA-2002:042", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2002-042.html"}, {"name": "apache-modssl-bo(8308)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/8308.php"}, {"name": "RHSA-2002:041", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2002-041.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.apacheweek.com/issues/02-03-01#security"}, {"name": "SSRT0817", "tags": ["vendor-advisory", "x_refsource_COMPAQ", "x_transferred"], "url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml"}, {"name": "CLA-2002:465", "tags": ["vendor-advisory", "x_refsource_CONECTIVA", "x_transferred"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465"}, {"name": "HPSBTL0203-031", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/advisories/3965"}, {"name": "DSA-120", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2002/dsa-120"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0082", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-03-01T00:00:00", "dateUpdated": "2024-08-08T02:35:17.584Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2002-02-27T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-07-09T16:06:03 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : CSSA-2002-011.0 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CALDERA (string)

]

url : http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt (string)

}

1 : { »

name : 4189 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/4189 (string)

}

2 : { »

name : RHSA-2002:045 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2002-045.html (string)

}

3 : { »

name : HPSBUX0204-190 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

]

url : http://www.securityfocus.com/advisories/4008 (string)

}

4 : { »

name : 20020301 Apache-SSL buffer overflow (fix available) (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://marc.info/?l=bugtraq&m=101518491916936&w=2 (string)

}

5 : { »

name : 20020227 mod_ssl Buffer Overflow Condition (Update Available) (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://online.securityfocus.com/archive/1/258646 (string)

}

6 : { »

name : MDKSA-2002:020 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRAKE (string)

]

url : http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php (string)

}

7 : { »

name : ESA-20020301-005 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_ENGARDE (string)

]

url : http://www.linuxsecurity.com/advisories/other_advisory-1923.html (string)

}

8 : { »

name : 20020304 Apache-SSL 1.3.22+1.47 - update to security fix (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://marc.info/?l=bugtraq&m=101528358424306&w=2 (string)

}

9 : { »

name : RHSA-2002:042 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2002-042.html (string)

}

10 : { »

name : apache-modssl-bo(8308) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : http://www.iss.net/security_center/static/8308.php (string)

}

11 : { »

name : RHSA-2002:041 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2002-041.html (string)

}

12 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.apacheweek.com/issues/02-03-01#security (string)

}

13 : { »

name : SSRT0817 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_COMPAQ (string)

]

url : http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml (string)

}

14 : { »

name : CLA-2002:465 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CONECTIVA (string)

]

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465 (string)

}

15 : { »

name : HPSBTL0203-031 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

]

url : http://www.securityfocus.com/advisories/3965 (string)

}

16 : { »

name : DSA-120 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2002/dsa-120 (string)

}

17 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2002-0082 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : CSSA-2002-011.0 (string)

refsource : CALDERA (string)

url : http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt (string)

}

1 : { »

name : 4189 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/4189 (string)

}

2 : { »

name : RHSA-2002:045 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2002-045.html (string)

}

3 : { »

name : HPSBUX0204-190 (string)

refsource : HP (string)

url : http://www.securityfocus.com/advisories/4008 (string)

}

4 : { »

name : 20020301 Apache-SSL buffer overflow (fix available) (string)

refsource : BUGTRAQ (string)

url : http://marc.info/?l=bugtraq&m=101518491916936&w=2 (string)

}

5 : { »

name : 20020227 mod_ssl Buffer Overflow Condition (Update Available) (string)

refsource : BUGTRAQ (string)

url : http://online.securityfocus.com/archive/1/258646 (string)

}

6 : { »

name : MDKSA-2002:020 (string)

refsource : MANDRAKE (string)

url : http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php (string)

}

7 : { »

name : ESA-20020301-005 (string)

refsource : ENGARDE (string)

url : http://www.linuxsecurity.com/advisories/other_advisory-1923.html (string)

}

8 : { »

name : 20020304 Apache-SSL 1.3.22+1.47 - update to security fix (string)

refsource : BUGTRAQ (string)

url : http://marc.info/?l=bugtraq&m=101528358424306&w=2 (string)

}

9 : { »

name : RHSA-2002:042 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2002-042.html (string)

}

10 : { »

name : apache-modssl-bo(8308) (string)

refsource : XF (string)

url : http://www.iss.net/security_center/static/8308.php (string)

}

11 : { »

name : RHSA-2002:041 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2002-041.html (string)

}

12 : { »

name : http://www.apacheweek.com/issues/02-03-01#security (string)

refsource : CONFIRM (string)

url : http://www.apacheweek.com/issues/02-03-01#security (string)

}

13 : { »

name : SSRT0817 (string)

refsource : COMPAQ (string)

url : http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml (string)

}

14 : { »

name : CLA-2002:465 (string)

refsource : CONECTIVA (string)

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465 (string)

}

15 : { »

name : HPSBTL0203-031 (string)

refsource : HP (string)

url : http://www.securityfocus.com/advisories/3965 (string)

}

16 : { »

name : DSA-120 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2002/dsa-120 (string)

}

17 : { »

name : http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html (string)

refsource : MISC (string)

url : http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-08T02:35:17.584Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : CSSA-2002-011.0 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CALDERA (string)

2 : x_transferred (string)

]

url : http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt (string)

}

1 : { »

name : 4189 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/4189 (string)

}

2 : { »

name : RHSA-2002:045 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2002-045.html (string)

}

3 : { »

name : HPSBUX0204-190 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/advisories/4008 (string)

}

4 : { »

name : 20020301 Apache-SSL buffer overflow (fix available) (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=101518491916936&w=2 (string)

}

5 : { »

name : 20020227 mod_ssl Buffer Overflow Condition (Update Available) (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://online.securityfocus.com/archive/1/258646 (string)

}

6 : { »

name : MDKSA-2002:020 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRAKE (string)

2 : x_transferred (string)

]

url : http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php (string)

}

7 : { »

name : ESA-20020301-005 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_ENGARDE (string)

2 : x_transferred (string)

]

url : http://www.linuxsecurity.com/advisories/other_advisory-1923.html (string)

}

8 : { »

name : 20020304 Apache-SSL 1.3.22+1.47 - update to security fix (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=101528358424306&w=2 (string)

}

9 : { »

name : RHSA-2002:042 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2002-042.html (string)

}

10 : { »

name : apache-modssl-bo(8308) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : http://www.iss.net/security_center/static/8308.php (string)

}

11 : { »

name : RHSA-2002:041 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2002-041.html (string)

}

12 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.apacheweek.com/issues/02-03-01#security (string)

}

13 : { »

name : SSRT0817 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_COMPAQ (string)

2 : x_transferred (string)

]

url : http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml (string)

}

14 : { »

name : CLA-2002:465 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CONECTIVA (string)

2 : x_transferred (string)

]

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465 (string)

}

15 : { »

name : HPSBTL0203-031 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/advisories/3965 (string)

}

16 : { »

name : DSA-120 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2002/dsa-120 (string)

}

17 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2002-0082 (string)

datePublished : 2002-06-25T04:00:00 (string)

dateReserved : 2002-03-01T00:00:00 (string)

dateUpdated : 2024-08-08T02:35:17.584Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AFF77CC7-14EE-44E6-ADD8-17DEFD336BE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "075C7AD9-B254-4CAD-8E71-D0DB542D90E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "FD50710F-6471-4CB7-9047-BC0285F92A68", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "5AF68B78-F29E-4A4F-9F7B-E408F606C14D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "A3154AB7-23F9-4D0D-935A-D530DC1F110C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache-ssl:apache-ssl:1.46:*:*:*:*:*:*:*", "matchCriteriaId": "2716A670-2751-4348-8F56-0F2427D660CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB888875-1AFC-4569-B783-CDE92B717882", "vulnerable": true}, {"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "3E1E3411-A16E-4B11-983D-C83644B471CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "C39E94EF-FEF4-41CA-BCD5-F3273D40D0F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "08A7DE9F-3088-445E-A09A-FC8E155C4E95", "vulnerable": true}, {"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "3906A1FB-3105-4248-B9D2-B915AEF90E9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F1DB98C0-A15B-4186-8DAC-D906ABBEC2F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "15B615EC-D5AF-4C62-AF0A-453F7FD11DAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mod_ssl:mod_ssl:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "50211658-1959-4E97-9FF5-6ABAF3B98C36", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session."}, {"lang": "es", "value": "El c\u00f3digo de mod_ssl dbm y shm cache anteriores a 2.8.7-1.3.23 y Apache-SSL anteriores a 1.3.22 1.46 no inicializa adecuadamente la memoria usando la funci\u00f3n i2d_SSL_SESSION, lo que permite a atacantes remotos usar un desbordamiento de buffer para ejecutar c\u00f3digo arbitrario mediante un certificado de cliente largo firmado por una Autoricad Certificadora (CA) larga, lo que produce una sesi\u00f3n serializada larga."}], "id": "CVE-2002-0082", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-03-15T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465"}, {"source": "cve@mitre.org", "url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=101518491916936&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=101528358424306&w=2"}, {"source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/258646"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html"}, {"source": "cve@mitre.org", "url": "http://www.apacheweek.com/issues/02-03-01#security"}, {"source": "cve@mitre.org", "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2002/dsa-120"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/8308.php"}, {"source": "cve@mitre.org", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php"}, {"source": "cve@mitre.org", "url": "http://www.linuxsecurity.com/advisories/other_advisory-1923.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2002-041.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2002-042.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2002-045.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/advisories/3965"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/advisories/4008"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4189"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=101518491916936&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=101528358424306&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/258646"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.apacheweek.com/issues/02-03-01#security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2002/dsa-120"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/8308.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.linuxsecurity.com/advisories/other_advisory-1923.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2002-041.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2002-042.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2002-045.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/advisories/3965"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/advisories/4008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/4189"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache-ssl:apache-ssl:1.40:*:*:*:*:*:*:* (string)

matchCriteriaId : AFF77CC7-14EE-44E6-ADD8-17DEFD336BE0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apache-ssl:apache-ssl:1.41:*:*:*:*:*:*:* (string)

matchCriteriaId : 075C7AD9-B254-4CAD-8E71-D0DB542D90E6 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:apache-ssl:apache-ssl:1.42:*:*:*:*:*:*:* (string)

matchCriteriaId : FD50710F-6471-4CB7-9047-BC0285F92A68 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:apache-ssl:apache-ssl:1.44:*:*:*:*:*:*:* (string)

matchCriteriaId : 5AF68B78-F29E-4A4F-9F7B-E408F606C14D (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:apache-ssl:apache-ssl:1.45:*:*:*:*:*:*:* (string)

matchCriteriaId : A3154AB7-23F9-4D0D-935A-D530DC1F110C (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:apache-ssl:apache-ssl:1.46:*:*:*:*:*:*:* (string)

matchCriteriaId : 2716A670-2751-4348-8F56-0F2427D660CD (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:mod_ssl:mod_ssl:2.7.1:*:*:*:*:*:*:* (string)

matchCriteriaId : BB888875-1AFC-4569-B783-CDE92B717882 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:mod_ssl:mod_ssl:2.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 3E1E3411-A16E-4B11-983D-C83644B471CA (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:mod_ssl:mod_ssl:2.8.1:*:*:*:*:*:*:* (string)

matchCriteriaId : C39E94EF-FEF4-41CA-BCD5-F3273D40D0F0 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:mod_ssl:mod_ssl:2.8.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 08A7DE9F-3088-445E-A09A-FC8E155C4E95 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:mod_ssl:mod_ssl:2.8.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 3906A1FB-3105-4248-B9D2-B915AEF90E9A (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:mod_ssl:mod_ssl:2.8.4:*:*:*:*:*:*:* (string)

matchCriteriaId : F1DB98C0-A15B-4186-8DAC-D906ABBEC2F7 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:mod_ssl:mod_ssl:2.8.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 15B615EC-D5AF-4C62-AF0A-453F7FD11DAD (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:mod_ssl:mod_ssl:2.8.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 50211658-1959-4E97-9FF5-6ABAF3B98C36 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. (string)

}

1 : { »

lang : es (string)

value : El código de mod_ssl dbm y shm cache anteriores a 2.8.7-1.3.23 y Apache-SSL anteriores a 1.3.22 1.46 no inicializa adecuadamente la memoria usando la función i2d_SSL_SESSION, lo que permite a atacantes remotos usar un desbordamiento de buffer para ejecutar código arbitrario mediante un certificado de cliente largo firmado por una Autoricad Certificadora (CA) larga, lo que produce una sesión serializada larga. (string)

}

]

id : CVE-2002-0082 (string)

lastModified : 2025-04-03T01:03:51.193 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : true (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2002-03-15T05:00:00.000 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465 (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://marc.info/?l=bugtraq&m=101518491916936&w=2 (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://marc.info/?l=bugtraq&m=101528358424306&w=2 (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://online.securityfocus.com/archive/1/258646 (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html (string)

}

6 : { »

source : cve@mitre.org (string)

url : http://www.apacheweek.com/issues/02-03-01#security (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt (string)

}

8 : { »

source : cve@mitre.org (string)

url : http://www.debian.org/security/2002/dsa-120 (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.iss.net/security_center/static/8308.php (string)

}

10 : { »

source : cve@mitre.org (string)

url : http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php (string)

}

11 : { »

source : cve@mitre.org (string)

url : http://www.linuxsecurity.com/advisories/other_advisory-1923.html (string)

}

12 : { »

source : cve@mitre.org (string)

url : http://www.redhat.com/support/errata/RHSA-2002-041.html (string)

}

13 : { »

source : cve@mitre.org (string)

url : http://www.redhat.com/support/errata/RHSA-2002-042.html (string)

}

14 : { »

source : cve@mitre.org (string)

url : http://www.redhat.com/support/errata/RHSA-2002-045.html (string)

}

15 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/advisories/3965 (string)

}

16 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/advisories/4008 (string)

}

17 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/bid/4189 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://marc.info/?l=bugtraq&m=101518491916936&w=2 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://marc.info/?l=bugtraq&m=101528358424306&w=2 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://online.securityfocus.com/archive/1/258646 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.apacheweek.com/issues/02-03-01#security (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2002/dsa-120 (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.iss.net/security_center/static/8308.php (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.linuxsecurity.com/advisories/other_advisory-1923.html (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.redhat.com/support/errata/RHSA-2002-041.html (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.redhat.com/support/errata/RHSA-2002-042.html (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.redhat.com/support/errata/RHSA-2002-045.html (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/advisories/3965 (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/advisories/4008 (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/4189 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2002:041", "cpe": "cpe:/o:redhat:linux:7.0", "product_name": "Red Hat Linux 7.0", "release_date": "2002-03-08T00:00:00Z"}, {"advisory": "RHSA-2002:041", "cpe": "cpe:/o:redhat:linux:7.1", "product_name": "Red Hat Linux 7.1", "release_date": "2002-03-08T00:00:00Z"}, {"advisory": "RHSA-2002:041", "cpe": "cpe:/o:redhat:linux:7.2", "product_name": "Red Hat Linux 7.2", "release_date": "2002-03-08T00:00:00Z"}, {"advisory": "RHSA-2002:042", "cpe": "cpe:/a:redhat:secure_web_server:3.2", "product_name": "Red Hat Secure Web Server 3.2", "release_date": "2002-03-18T00:00:00Z"}, {"advisory": "RHSA-2002:045", "cpe": "cpe:/a:redhat:stronghold:3", "product_name": "Red Hat Stronghold 3", "release_date": "2002-03-07T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1616740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616740"}, "csaw": false, "details": ["The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session."], "name": "CVE-2002-0082", "public_date": "2002-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2002-0082\nhttps://nvd.nist.gov/vuln/detail/CVE-2002-0082"], "threat_severity": "Important"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2002:041 (string)

cpe : cpe:/o:redhat:linux:7.0 (string)

product_name : Red Hat Linux 7.0 (string)

release_date : 2002-03-08T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2002:041 (string)

cpe : cpe:/o:redhat:linux:7.1 (string)

product_name : Red Hat Linux 7.1 (string)

release_date : 2002-03-08T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2002:041 (string)

cpe : cpe:/o:redhat:linux:7.2 (string)

product_name : Red Hat Linux 7.2 (string)

release_date : 2002-03-08T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2002:042 (string)

cpe : cpe:/a:redhat:secure_web_server:3.2 (string)

product_name : Red Hat Secure Web Server 3.2 (string)

release_date : 2002-03-18T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2002:045 (string)

cpe : cpe:/a:redhat:stronghold:3 (string)

product_name : Red Hat Stronghold 3 (string)

release_date : 2002-03-07T00:00:00Z (string)

}

]

bugzilla : { »

description : security flaw (string)

id : 1616740 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1616740 (string)

}

csaw : false (boolean)

details : [ »

0 : The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. (string)

]

name : CVE-2002-0082 (string)

public_date : 2002-02-27T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2002-0082 https://nvd.nist.gov/vuln/detail/CVE-2002-0082 (string)

]

threat_severity : Important (string)

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object