CVE-2003-0192

Impact:
Moderate
Public Date:
2003-07-09
Bugzilla:
1616998: CVE-2003-0192 security flaw

The MITRE CVE dictionary describes this issue as:

Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.

Find out more about CVE-2003-0192 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affected Red Hat Enterprise Linux 2.1 and an update was released to correct it:
http://rhn.redhat.com/errata/RHSA-2003-244.html

Red Hat Enterprise Linux 3 contained a backported patch to correct this issue since release. This issue does not affect the versions of Apache in Enterprise Linux 4 or later.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Linux 8.0 RHSA-2003:240 2003-09-04
Red Hat Stronghold 4 RHSA-2003:290 2003-09-30
Red Hat Linux 9 RHSA-2003:240 2003-09-04
Red Hat Linux 7.2 RHSA-2003:243 2003-09-22
Stronghold 4 for Red Hat Enterprise Linux RHSA-2003:301 2003-10-15
Red Hat Linux 7.1 RHSA-2003:243 2003-09-22
Red Hat Linux 7.3 RHSA-2003:243 2003-09-22
Red Hat Enterprise Linux 2.1 RHSA-2003:244 2003-09-22
Last Modified

CVE description copyright © 2017, The MITRE Corporation