Description
Cytrix has detected that the Version of Apache HTTP Server being used has the FakeBasicAuth overflow vulnerability.
CVE-2004-0488 is categorized as an ‘Out-of-bounds Write’ vulnerability (CWE-787).
That means that the software writes data past the end, or before the beginning, of the intended buffer.
Typically, this can result in the corruption of data, crashes, or code executions.
A Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA.
That, may allow remote attackers to execute arbitrary codes by using a client’s certificate that has a long subject DN.
That, will lead to information being disclosed.
There’s a chance that this vulnerability will allow attackers to modify system files and information. Also, it will cause a decrease in performance and interruptions in the availability of resources.
Recommendation
To fix CVE-2004-0488, upgrade the version of Apache HTTP Server being used to 2.0.50.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488
https://cwe.mitre.org/data/definitions/787.html