• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apache 'mod_ssl' Log Function Format String Vulnerability

References:

• Critical Patch Update - July 2005 (Oracle)
  
• HPSBUX01098 ApacheStrong remote Denial of Service or arbitrary code execution (HP)
  
• mod_ssl Homepage (mod_ssl Project)
  
• Project Newsflash! (mod_ssl Project)
  
• RHSA-2004:405-06 - Stronghold 4: New release fixes Apache, mod_ssl, and PHP (RedHat)
  
• RHSA-2004:408-05 - mod_ssl (RedHat)
  
• VMware ESX Server 1.5.2 Patch 6 Security Update (VMware)
  
• VMware ESX Server 2.0.1 Patch 1 Security Update (for 2.0.x systems) (VMware)
  
• VMware ESX Server 2.1.2 Security Update (for 2.1.x systems) (VMware)
  
• VU#303448 - mod_ssl contains a format string vulnerability in the ssl_log() (US-CERT)
  
• RHSA-2008:0523-1 Low: Red Hat Network Proxy Server security update (Red Hat)