Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability

Bugtraq ID: 11360
Class: Design Error
CVE: CVE-2004-0885
Remote: Yes
Local: No
Published: Oct 11 2004 12:00AM
Updated: Jun 30 2008 11:52PM
Credit: Discovery of this issue is credited to Hartmut Keil.
Vulnerable: VMWare ESX Server 2.1.2
VMWare ESX Server 2.1.1
VMWare ESX Server 2.0.1 build 6403
VMWare ESX Server 2.0.1
VMWare ESX Server 2.0 build 5257
VMWare ESX Server 2.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
SuSE Linux 8.1
SuSE Linux 8.0
Sun Solaris 10.0_x86
Sun Solaris 10.0
Sun Solaris 10
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux 8.0
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
Redhat Stronghold 4.0
Redhat Red Hat Network Satellite Server 5.0
Redhat Network Satellite (for RHEL 4) 4.2
Redhat Network Satellite (for RHEL 3) 4.2
Redhat Network Proxy (for RHEL 4) 4.2
Redhat Network Proxy (for RHEL 3) 4.2
mod_ssl mod_ssl 2.8.18
mod_ssl mod_ssl 2.8.17
mod_ssl mod_ssl 2.8.16
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
mod_ssl mod_ssl 2.8.15
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
mod_ssl mod_ssl 2.8.14
+ Slackware Linux 9.0
mod_ssl mod_ssl 2.8.12
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
mod_ssl mod_ssl 2.8.10
- Apache Apache 1.3.26
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Slackware Linux 8.1
mod_ssl mod_ssl 2.8.9
- Apache Apache 1.3.26
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ HP Secure OS software for Linux 1.0
+ Slackware Linux 8.1
mod_ssl mod_ssl 2.8.8
- Apache Apache 1.3.24
mod_ssl mod_ssl 2.8.7
+ Apache Apache 1.3.23
+ MandrakeSoft Multi Network Firewall 2.0
+ Redhat Linux 7.3 i386
+ Redhat Linux 7.3
mod_ssl mod_ssl 2.8.6
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
+ Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
+ Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
+ Compaq Compaq Secure Web Server for OpenVMS 1.2
+ Compaq Compaq Secure Web Server for OpenVMS 1.1 -1
+ Compaq Compaq Secure Web Server for OpenVMS 1.0 -1
+ Compaq Compaq Secure Web Server for Tru64 5.5.2
mod_ssl mod_ssl 2.8.5 -2
- Apache Apache 1.3.22
mod_ssl mod_ssl 2.8.5 -1
mod_ssl mod_ssl 2.8.5
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
+ Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
+ Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 i386
+ Redhat Linux 7.2
+ Redhat Linux 7.1 ia64
+ Redhat Linux 7.1 i386
+ Redhat Linux 7.1 alpha
+ Redhat Linux 7.1
+ Redhat Linux 7.0 i386
+ Redhat Linux 7.0 alpha
+ Redhat Linux 7.0
mod_ssl mod_ssl 2.8.4
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
+ Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
+ Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
+ MandrakeSoft Single Network Firewall 7.2
+ Slackware Linux 8.1
mod_ssl mod_ssl 2.8.3
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
+ Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
+ Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
mod_ssl mod_ssl 2.8.2
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
+ Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
+ Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
mod_ssl mod_ssl 2.8.1 -2
+ Apache Apache 1.3.19
mod_ssl mod_ssl 2.8.1
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
+ Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
+ Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2
+ Redhat Secure Web Server 3.2 i386
mod_ssl mod_ssl 2.8
+ Apache Apache 1.3.22
+ Apache Apache 1.3.22
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.20
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.19
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.18
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.17
+ Apache Apache 1.3.16
+ Apache Apache 1.3.16
+ Apache Apache 1.3.15
+ Apache Apache 1.3.15
+ Apache Apache 1.3.14 Mac
+ Apache Apache 1.3.14 Mac
+ Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.14
+ Apache Apache 1.3.13
+ Apache Apache 1.3.13
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.12
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.11
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.9
+ Apache Apache 1.3.7 -dev
+ Apache Apache 1.3.7 -dev
+ Apache Apache 1.3.6
+ Apache Apache 1.3.6
+ Apache Apache 1.3.4
+ Apache Apache 1.3.4
+ Apache Apache 1.3.3
+ Apache Apache 1.3.3
+ Apache Apache 1.3.1
+ Apache Apache 1.3.1
+ Apache Apache 1.3
+ Apache Apache 1.3
+ Apache Apache 1.2.5
+ Apache Apache 1.2.5
+ Apache Apache 1.2
+ Apache Apache 1.2
IBM Hardware Management Console (HMC) for pSeries 4.0 R2.0
IBM Hardware Management Console (HMC) for pSeries 3.3.2
IBM Hardware Management Console (HMC) for iSeries 4.0 R2.0
IBM Hardware Management Console (HMC) for iSeries 3.3.2
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.11
HP HP-UX B.11.04
HP HP-UX B.11.00
Avaya Network Routing
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Communication Manager 2.0.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
+ Avaya Communication Manager Server S8700
Avaya Communication Manager 2.0
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
+ Avaya Communication Manager Server S8700
Avaya Communication Manager 1.3.1
+ Avaya Communication Manager Server DEFINITY Server R10
+ Avaya Communication Manager Server DEFINITY Server R10
+ Avaya Communication Manager Server DEFINITY Server R11
+ Avaya Communication Manager Server DEFINITY Server R9
+ Avaya Communication Manager Server DEFINITY Server R9
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
+ Avaya Communication Manager Server S8700
Avaya Communication Manager 1.1
+ Avaya Communication Manager Server DEFINITY Server R10
+ Avaya Communication Manager Server DEFINITY Server R10
+ Avaya Communication Manager Server DEFINITY Server R11
+ Avaya Communication Manager Server DEFINITY Server R9
+ Avaya Communication Manager Server DEFINITY Server R9
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
+ Avaya Communication Manager Server S8700
Apple Mac OS X Server 10.3.9
Apache Apache 2.0.52
+ Apple Mac OS X 10.3.6
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X Server 10.3.6
+ Apple Mac OS X Server 10.2.8
+ Redhat Desktop 4.0
+ Redhat Enterprise Linux AS 4
+ Redhat Enterprise Linux ES 4
+ Redhat Enterprise Linux WS 4
+ Sun Solaris 10
Apache Apache 2.0.51
Apache Apache 2.0.50
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
Apache Apache 2.0.49
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Apache 2.0.48
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ SuSE Linux 8.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Apache 2.0.47
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.3.4
+ Apple Mac OS X Server 10.3.3
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
Apache Apache 2.0.46
+ Redhat Desktop 3.0
+ Redhat Enterprise Linux AS 3
+ Redhat Enterprise Linux ES 3
+ Redhat Enterprise Linux WS 3
+ Trustix Secure Linux 2.0
Apache Apache 2.0.45
- Apple Mac OS X 10.2.6
- Apple Mac OS X 10.2.5
- Apple Mac OS X 10.2.4
- Apple Mac OS X 10.2.3
- Apple Mac OS X 10.2.2
- Apple Mac OS X 10.2.1
- Apple Mac OS X 10.2
- Apple Mac OS X 10.1.5
- Apple Mac OS X 10.1.4
- Apple Mac OS X 10.1.3
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
Apache Apache 2.0.44
Apache Apache 2.0.43
Apache Apache 2.0.42
Apache Apache 2.0.41
Apache Apache 2.0.40
+ Redhat Linux 9.0 i386
+ Redhat Linux 8.0
+ Terra Soft Solutions Yellow Dog Linux 3.0
Apache Apache 2.0.39
Apache Apache 2.0.38
Apache Apache 2.0.37
Apache Apache 2.0.36
Apache Apache 2.0.35
Not Vulnerable: Apache Apache 2.0.53


 

Privacy Statement
Copyright 2010, SecurityFocus