|
|
Apache Web Server SSLCipherSuite弱加密方式重协商漏洞
发布时间:2003-07-08
更新时间:2003-07-12
严重程度:中
威胁程度:其它
错误类型:设计错误
利用方式:服务器模式
BUGTRAQ ID:8134
CVE(CAN) ID:CAN-2003-0192
受影响系统Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.40
+RedHat Linux 8.0
+RedHat Linux 9.0 i386
+Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.42
+Gentoo Linux 1.2
+Gentoo Linux 1.4 _rc1
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.44
+MandrakeSoft Linux Mandrake 9.1
+MandrakeSoft Linux Mandrake 9.1 ppc
Apache Software Foundation Apache 2.0.45
-Apple MacOS X 10.0
-Apple MacOS X 10.0.1
-Apple MacOS X 10.0.2
-Apple MacOS X 10.0.3
-Apple MacOS X 10.0.4
-Apple MacOS X 10.1
-Apple MacOS X 10.1
-Apple MacOS X 10.1.1
-Apple MacOS X 10.1.2
-Apple MacOS X 10.1.3
-Apple MacOS X 10.1.4
-Apple MacOS X 10.1.5
-Apple MacOS X 10.2
-Apple MacOS X 10.2.1
-Apple MacOS X 10.2.2
-Apple MacOS X 10.2.3
-Apple MacOS X 10.2.4
-Apple MacOS X 10.2.5
-Apple MacOS X 10.2.6
+Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.46
+Trustix Secure Linux 2.0 未影响系统Apache Software Foundation Apache 2.0.47 详细描述
Apache Software Foundation报告了一个漏洞称当SSLCipherSuite命令被用来升级一个加密组件时,在某些情况下会导致使用弱的加密方式。
解决方案
厂商已经在新版的软件中修补了此漏洞:
Apache Software Foundation Upgrade Apache httpd 2.0.47
http://httpd.apache.org/download.cgi
相关信息
2003-0025: apache
http://online.securityfocus.com/advisories/5570
|
