{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "title": "mod_ssl SSLCipherSuite bypass", "tracking": { "current_release_date": "2026-05-06T19:48:05+00:00", "generator": { "date": "2026-05-06T19:48:05+00:00", "engine": { "name": "CSAF Generator", "version": "2.0.1" } }, "id": "CVE-2004-0885", "initial_release_date": "2004-10-05T00:00:00+00:00", "revision_history": [ { "date": "2026-05-06T19:48:05+00:00", "number": "1", "summary": "Last generated version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "category": "vendor", "name": "Red Hat", "branches": [ { "category": "product_name", "name": "Red Hat Satellite 580", "product": { "name": "Red Hat Satellite 580", "product_id": "rhn_satellite_5", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.0:el4" } } }, { "category": "product_version", "name": "jabberd", "product": { "name": "jabberd", "product_id": "jabberd-0:2.0s10-3.38.rhn.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jabberd@2.0s10-3.38.rhn?arch=src&epoch=0" } } }, { "category": "product_version", "name": "java", "product": { "name": "java", "product_id": "java-0:1.4.2-ibm-1.4.2.10-1jpp.2.el4", "product_identification_helper": { "purl": "pkg:rpm/redhat/java@1.4.2-ibm-1.4.2.10-1jpp.2.el4?epoch=0" } } }, { "category": "product_version", "name": "jfreechart", "product": { "name": "jfreechart", "product_id": "jfreechart-0:0.9.20-3.rhn", "product_identification_helper": { "purl": "pkg:rpm/redhat/jfreechart@0.9.20-3.rhn?epoch=0" } } }, { "category": "product_version", "name": "openmotif21", "product": { "name": "openmotif21", "product_id": "openmotif21-0:2.1.30-11.RHEL4.6", "product_identification_helper": { "purl": "pkg:rpm/redhat/openmotif21@2.1.30-11.RHEL4.6?epoch=0" } } }, { "category": "product_version", "name": "perl-Crypt-CBC", "product": { "name": "perl-Crypt-CBC", "product_id": "perl-Crypt-CBC-0:2.24-1.el4", "product_identification_helper": { "purl": "pkg:rpm/redhat/perl-Crypt-CBC@2.24-1.el4?epoch=0" } } }, { "category": "product_version", "name": "rhn-apache", "product": { "name": "rhn-apache", "product_id": "rhn-apache-0:1.3.27-36.rhn.rhel4", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-apache@1.3.27-36.rhn.rhel4?epoch=0" } } }, { "category": "product_version", "name": "rhn-modjk", "product": { "name": "rhn-modjk", "product_id": "rhn-modjk-0:1.2.23-2rhn.rhel4", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modjk@1.2.23-2rhn.rhel4?epoch=0" } } }, { "category": "product_version", "name": "rhn-modperl", "product": { "name": "rhn-modperl", "product_id": "rhn-modperl-0:1.29-16.rhel4", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modperl@1.29-16.rhel4?epoch=0" } } }, { "category": "product_version", "name": "rhn-modssl", "product": { "name": "rhn-modssl", "product_id": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modssl@2.8.12-8.rhn.10.rhel4?epoch=0" } } }, { "category": "product_version", "name": "tomcat5", "product": { "name": "tomcat5", "product_id": "tomcat5-0:5.0.30-0jpp_10rh", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_10rh?epoch=0" } } } ] } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jabberd-0:2.0s10-3.38.rhn.src as a component of Red Hat Satellite 580", "product_id": "rhn_satellite_5:jabberd-0:2.0s10-3.38.rhn.src" }, "product_reference": "jabberd-0:2.0s10-3.38.rhn.src", "relates_to_product_reference": "rhn_satellite_5" }, { "category": "default_component_of", "full_product_name": { "name": "java-0:1.4.2-ibm-1.4.2.10-1jpp.2.el4 as a component of Red Hat Satellite 580", "product_id": "rhn_satellite_5:java-0:1.4.2-ibm-1.4.2.10-1jpp.2.el4" }, "product_reference": "java-0:1.4.2-ibm-1.4.2.10-1jpp.2.el4", "relates_to_product_reference": "rhn_satellite_5" }, { "category": "default_component_of", "full_product_name": { "name": "jfreechart-0:0.9.20-3.rhn as a component of Red Hat Satellite 580", "product_id": "rhn_satellite_5:jfreechart-0:0.9.20-3.rhn" }, "product_reference": "jfreechart-0:0.9.20-3.rhn", "relates_to_product_reference": "rhn_satellite_5" }, { "category": "default_component_of", "full_product_name": { "name": "openmotif21-0:2.1.30-11.RHEL4.6 as a component of Red Hat Satellite 580", "product_id": "rhn_satellite_5:openmotif21-0:2.1.30-11.RHEL4.6" }, "product_reference": "openmotif21-0:2.1.30-11.RHEL4.6", "relates_to_product_reference": "rhn_satellite_5" }, { "category": "default_component_of", "full_product_name": { "name": "perl-Crypt-CBC-0:2.24-1.el4 as a component of Red Hat Satellite 580", "product_id": "rhn_satellite_5:perl-Crypt-CBC-0:2.24-1.el4" }, "product_reference": "perl-Crypt-CBC-0:2.24-1.el4", "relates_to_product_reference": "rhn_satellite_5" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-apache-0:1.3.27-36.rhn.rhel4 as a component of Red Hat Satellite 580", "product_id": "rhn_satellite_5:rhn-apache-0:1.3.27-36.rhn.rhel4" }, "product_reference": "rhn-apache-0:1.3.27-36.rhn.rhel4", "relates_to_product_reference": "rhn_satellite_5" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modjk-0:1.2.23-2rhn.rhel4 as a component of Red Hat Satellite 580", "product_id": "rhn_satellite_5:rhn-modjk-0:1.2.23-2rhn.rhel4" }, "product_reference": "rhn-modjk-0:1.2.23-2rhn.rhel4", "relates_to_product_reference": "rhn_satellite_5" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modperl-0:1.29-16.rhel4 as a component of Red Hat Satellite 580", "product_id": "rhn_satellite_5:rhn-modperl-0:1.29-16.rhel4" }, "product_reference": "rhn-modperl-0:1.29-16.rhel4", "relates_to_product_reference": "rhn_satellite_5" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4 as a component of Red Hat Satellite 580", "product_id": "rhn_satellite_5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4" }, "product_reference": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "relates_to_product_reference": "rhn_satellite_5" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.0.30-0jpp_10rh as a component of Red Hat Satellite 580", "product_id": "rhn_satellite_5:tomcat5-0:5.0.30-0jpp_10rh" }, "product_reference": "tomcat5-0:5.0.30-0jpp_10rh", "relates_to_product_reference": "rhn_satellite_5" } ] }, "vulnerabilities": [ { "cve": "CVE-2004-0885", "notes": [ { "category": "description", "text": "The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the \"SSLCipherSuite\" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "rhn_satellite_5:jabberd-0:2.0s10-3.38.rhn.src", "rhn_satellite_5:java-0:1.4.2-ibm-1.4.2.10-1jpp.2.el4", "rhn_satellite_5:jfreechart-0:0.9.20-3.rhn", "rhn_satellite_5:openmotif21-0:2.1.30-11.RHEL4.6", "rhn_satellite_5:perl-Crypt-CBC-0:2.24-1.el4", "rhn_satellite_5:rhn-apache-0:1.3.27-36.rhn.rhel4", "rhn_satellite_5:rhn-modjk-0:1.2.23-2rhn.rhel4", "rhn_satellite_5:rhn-modperl-0:1.29-16.rhel4", "rhn_satellite_5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "rhn_satellite_5:tomcat5-0:5.0.30-0jpp_10rh" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0885" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885" }, { "category": "external", "summary": "www.cve.org", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0885" } ], "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T10:12:00+00:00", "details": "Apply advisory RHSA-2008:0261 as per vendors instructions.", "product_ids": [ "rhn_satellite_5:jabberd-0:2.0s10-3.38.rhn.src", "rhn_satellite_5:java-0:1.4.2-ibm-1.4.2.10-1jpp.2.el4", "rhn_satellite_5:jfreechart-0:0.9.20-3.rhn", "rhn_satellite_5:openmotif21-0:2.1.30-11.RHEL4.6", "rhn_satellite_5:perl-Crypt-CBC-0:2.24-1.el4", "rhn_satellite_5:rhn-apache-0:1.3.27-36.rhn.rhel4", "rhn_satellite_5:rhn-modjk-0:1.2.23-2rhn.rhel4", "rhn_satellite_5:rhn-modperl-0:1.29-16.rhel4", "rhn_satellite_5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "rhn_satellite_5:tomcat5-0:5.0.30-0jpp_10rh" ], "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate", "product_ids": [ "rhn_satellite_5:jabberd-0:2.0s10-3.38.rhn.src", "rhn_satellite_5:java-0:1.4.2-ibm-1.4.2.10-1jpp.2.el4", "rhn_satellite_5:jfreechart-0:0.9.20-3.rhn", "rhn_satellite_5:openmotif21-0:2.1.30-11.RHEL4.6", "rhn_satellite_5:perl-Crypt-CBC-0:2.24-1.el4", "rhn_satellite_5:rhn-apache-0:1.3.27-36.rhn.rhel4", "rhn_satellite_5:rhn-modjk-0:1.2.23-2rhn.rhel4", "rhn_satellite_5:rhn-modperl-0:1.29-16.rhel4", "rhn_satellite_5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "rhn_satellite_5:tomcat5-0:5.0.30-0jpp_10rh" ] } ], "title": "mod_ssl SSLCipherSuite bypass" } ] }