The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
References
http://issues.apache.org/bugzilla/show_bug.cgi?id=31505
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://marc.info/?l=bugtraq&m=109786159119069&w=2
http://secunia.com/advisories/19072
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.apacheweek.com/features/security-20
http://www.redhat.com/support/errata/RHSA-2004-562.html
http://www.redhat.com/support/errata/RHSA-2004-600.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/bid/11360
http://www.ubuntu.com/usn/usn-177-1
http://www.vupen.com/english/advisories/2006/0789
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123
https://exchange.xforce.ibmcloud.com/vulnerabilities/17671
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2004-0885
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10384
https://www.cve.org/CVERecord?id=CVE-2004-0885
MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-10-16T04:00:00

Updated: 2024-08-08T00:31:47.797Z

Reserved: 2004-09-22T00:00:00

Link: CVE-2004-0885

NVD

Status: Modified

Published: 2004-11-03T05:00:00.000

Modified: 2024-11-20T23:49:36.430

Link: CVE-2004-0885

Red Hat

Severity: Moderate

Public Date: 2004-10-05T00:00:00Z

Links: CVE-2004-0885 - Bugzilla