Apache 'mod_ssl' Log Function Format String Vulnerability

Apache 'mod_ssl' Log Function Format String Vulnerability

References:

Critical Patch Update - July 2005 (Oracle)
HPSBUX01098 ApacheStrong remote Denial of Service or arbitrary code execution (HP)
mod_ssl Homepage (mod_ssl Project)
Project Newsflash! (mod_ssl Project)
RHSA-2004:405-06 - Stronghold 4: New release fixes Apache, mod_ssl, and PHP (RedHat)
RHSA-2004:408-05 - mod_ssl (RedHat)
VMware ESX Server 1.5.2 Patch 6 Security Update (VMware)
VMware ESX Server 2.0.1 Patch 1 Security Update (for 2.0.x systems) (VMware)
VMware ESX Server 2.1.2 Security Update (for 2.1.x systems) (VMware)
VU#303448 - mod_ssl contains a format string vulnerability in the ssl_log() (US-CERT)
RHSA-2008:0523-1 Low: Red Hat Network Proxy Server security update (Red Hat)

Privacy Statement
Copyright 2010, SecurityFocus