Vulnerability Details : CVE-2002-0082


CVE Name: CVE-2002-0082: Code Execution, Memory Corruption vulnerability on Apache Ssl Apache Ssl, Mod Ssl Mod Ssl
Description: The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
Publish date: 2002-03-15T05:00Z
Last Update: 2016-10-18T02:16Z

CVSS Scores & Vulnerability Types


CVSS Score
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Actack VectorNETWORK
Actack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeNo info
Vulnerability Type(s)Code Execution, Memory Corruption
CWE IDN/I

Products Affected By CVE-2002-0082


# Vendor Product Vulnerable Versions
1 Apache Ssl Apache Ssl 6
2 Mod Ssl Mod Ssl 8

Detail of Verions Affected


# Product Type Vendor Product Version
1 Application Apache Ssl Apache Ssl 1.45
2 Application Apache Ssl Apache Ssl 1.46
3 Application Mod Ssl Mod Ssl 2.8.5
4 Application Mod Ssl Mod Ssl 2.8.6
5 Application Apache Ssl Apache Ssl 1.42
6 Application Apache Ssl Apache Ssl 1.44
7 Application Mod Ssl Mod Ssl 2.8.3
8 Application Mod Ssl Mod Ssl 2.8.4
9 Application Mod Ssl Mod Ssl 2.7.1
10 Application Mod Ssl Mod Ssl 2.8
11 Application Apache Ssl Apache Ssl 1.40
12 Application Apache Ssl Apache Ssl 1.41
13 Application Mod Ssl Mod Ssl 2.8.1
14 Application Mod Ssl Mod Ssl 2.8.2