Family: Web Servers --> Category: infos
mod_ssl off by one Vulnerability Scan
Vulnerability Scan Summary
Checks for version of mod_ssl
Detailed Explanation for this Vulnerability Test
The remote host is using a version of mod_ssl which is
older than 2.8.10.
This version is vulnerable to an off by one buffer overflow
which may allow a user with write access to .htaccess files
to execute arbitrary code on the system with permissions
of the web server.
*** Note that several Linux distributions (such as RedHat)
*** patched the old version of this module. Therefore, this
*** might be a false positive. Please check with your vendor
*** to acertain if you really are vulnerable to this flaw
Solution : Upgrade to version 2.8.10 or newer
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.