← back
CVE-2002-0082

CVE-2002-0082

28Vexday Risk Score

No sign of exploitation. It has a public proof of concept.

ssvc Attendepss 30%
from disclosure to weapon35 days
Published on NVDJun 25
1st PoC+35d
exploitation probability
30%top 2% of all CVEs
observed exploitation
nono source reports it
6 public exploit(s)
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.