Vulnerability Details : CVE-2008-0555


CVE Name: CVE-2008-0555: Bypass Something vulnerability on Apache Ssl Apache Ssl
Description: The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
Publish date: 2008-04-04T00:44Z
Last Update: 2018-10-15T22:01Z

CVSS Scores & Vulnerability Types


CVSS Score
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Actack VectorNETWORK
Actack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeNo info
Vulnerability Type(s)Bypass Something
CWE ID287

Products Affected By CVE-2008-0555


# Vendor Product Vulnerable Versions
1 Apache Ssl Apache Ssl 1

Detail of Verions Affected


# Product Type Vendor Product Version
1 Application Apache Ssl Apache Ssl 1.3.34 1.57