Updated: April 30, 2003
Affected
This is fixed in Security Update 2002-08-02. Further information is available from: http://docs.info.apple.com/article.html?artnum=61798
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: July 08, 2002
Affected
Please see http://lwn.net/Articles/3951/.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 29, 2003 Updated: April 29, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: April 30, 2003
Affected
This vulnerability was fixed in DSA-135 (02 Jul 2002): http://www.debian.org/security/2002/dsa-135
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: April 17, 2003
Affected
http://mail-archives.engardelinux.org/engarde-users/2002/Jul/0009.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: May 01, 2003
Not Affected
Extreme Networks software suite is not vulnerable to the attack explained in VU#10455, as it does not include the Webserver implementation from Apache. Investigation and testing by Extreme Network engineering reveals the current Webserver implementation in Extreme Networks software suite is not vulnerable to the attack explained in VU#104555.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: May 07, 2003
Not Affected
Foundry Networks has tested for this vulnerability and is not affected by the buffer overflow in mod_ssl as described in VU#104555.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: April 17, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see http://www.securityfocus.com/advisories/4298.
Updated: May 08, 2003
Not Affected
Hitachi Web Server is NOT Vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 17, 2003
Affected
The AIX operating system does not ship with mod_ssl. However, mod_ssl is available for installation on AIX from the Linux Affinity Toolbox. Users using mod_ssl 2.8.10 are later are not vulnerable to the issues discussed in CERT Vulnerability Note VU#104555 and any advisories which follow. This vulnerability is present in mod_ssl 2.8.9 and earlier; users are urged to upgrade as soon as possible. The Linux Affinity Toolbox is available at: http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html This software is offered on an "as-is" and is unwarranted.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: May 02, 2003
Not Affected
Ingrian Networks products are not vulnerable to VU#104555.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 29, 2003 Updated: April 29, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: April 30, 2003
Affected
A number of Red Hat products included mod_ssl packages vulnerable to this issue. Updated packages are available along with our advisories at the URLs below. Users of the Red Hat Network can update their systems using the 'up2date' tool. Red Hat Linux: http://rhn.redhat.com/errata/RHSA-2002-134.html Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2002-136.html Stronghold 3: http://rhn.redhat.com/errata/RHSA-2002-164.html Stronghold 4 (cross-platform): http://rhn.redhat.com/errata/RHSA-2002-146.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: April 17, 2003
Affected
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31/CSSA-2002-SCO.31.txt
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: April 30, 2003
Not Affected
The mod_ssl that SGI just started shipping as a supported offering, in IRIX 6.5.20, is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: May 08, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: July 08, 2002
Affected
Please see http://www.mail-archive.com/modssl-users@modssl.org/msg14451.html.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: May 30, 2003
Not Affected
A response to this vulnerability is available from our web site: http://www.xerox.com/security.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.