Security Portal

Intrusion Prevention Service

Signature Version: 4.1044


WEB Apache Mod SSL
Threat Level: Critical
Release Date: 2006/9/26
Category: Virus/Worm
Signature ID: 1049954
Included In:
Affected OS: Linux
Description: The Apache/mod_ssl worm is self-propagating malicious code that exploits the OpenSSL vulnerability described in VU#102795. This vulnerability was the among the topics discussed in CA-2002-23 Multiple Vulnerabilities In OpenSSL. While this OpenSSL server vulnerability exists on a wide variety of platforms, the Apache/mod_ssl worm appears to work only on Linux systems running Apache with the OpenSSL module (mod_ssl) on Intel architectures.
Impact: The Apache/mod_ssl worm scans for potentially vulnerable systems on 80/tcp using an invalid HTTP GET request. When a potentially vulnerable Apache system is detected, the worm attempts to connect to
Recommendation: Please off-line the victim host and patch the system or software which exists vulnerabilities immediately.
False Positive: None
False Negative: None
Additional Information (Links open in new window):
Reference(s): CVE-2002-unknown; CA-2002-27

Search the Threat Database
Enter Rule ID or Name