HTTP: mod_ssl - mod_proxy Hook Functions Format String
This signature detects attempts to exploit a known vulnerability against mod_ssl - mod_proxy Hook Functions. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Extended Description
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
Affected Products
Mod_ssl mod_ssl
References
CVE: CVE-2004-0700
Short Name
HTTP:CTS:MOD-PROXY-FORMT-STRNG
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
- CVE-2004-0700 Format Functions Hook String mod_proxy mod_ssl
Release Date
03/09/2023
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3579
False Positive
Unknown
Vendors
Mod_ssl
Gentoo