Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability

Apache-SSL is prone to a remote information-disclosure and privilege-escalation vulnerability because it fails to adequately validate user-supplied input.

An attacker can exploit this issue to obtain sensitive information or gain control of applications that use environment variables provided by Apache-SSL; this may lead to further attacks.

This issue affects Apache-SSL apache_1.3.34+ssl_1.57; other versions may also be vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus