CVE-2005-2700
Published: 6 September 2005
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
Priority
Status
Package | Release | Status |
---|---|---|
apache2 (Launchpad, Ubuntu, Debian) | dapper | Released (2.0.55-4ubuntu2.2) |
apache2 | edgy | Released (2.0.55-4ubuntu4.1) |
apache2 | feisty | Released (2.2.3-3.2ubuntu0.1) |
apache2 | upstream | Needs triage |
libapache-mod-ssl (Launchpad, Ubuntu, Debian) | dapper | Released (2.8.25-1) |
libapache-mod-ssl | edgy | Released (2.8.25-1) |
libapache-mod-ssl | feisty | Released (2.8.25-1) |
libapache-mod-ssl | upstream | Needs triage |