1. Home
  2. CVE Database
  3. CVE-2003-0192
MEDIUM · 6.4

CVE-2003-0192

Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade...

Vulnerability Description

Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.

CVSS Score

6.4

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:P
Confidentiality
NONE
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
ApacheHttp Server2.0

References

FAQ

What is CVE-2003-0192?

CVE-2003-0192 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade...

How severe is CVE-2003-0192?

CVE-2003-0192 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0192?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.