Lucene search

[email protected]CVE-2005-2700

HistorySep 06, 2005 - 11:03 p.m.

CVE-2005-2700

2005-09-0623:03:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

978

cve-2005-2700

mod_ssl

sslverifyclient

access restrictions

nvd

security vulnerability

6.2 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

59.0%

JSON

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using “SSLVerifyClient optional” in the global virtual host configuration, does not properly enforce “SSLVerifyClient require” in a per-location context, which allows remote attackers to bypass intended access restrictions.

CPENameOperatorVersion
apache:http_serverapache http serverlt2.0.55
debian:debian_linuxdebian debian linuxeq3.1
debian:debian_linuxdebian debian linuxeq3.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq4.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq5.04

CPE	Name	Operator	Version
apache:http_server	apache http server	lt	2.0.55
debian:debian_linux	debian debian linux	eq	3.1
debian:debian_linux	debian debian linux	eq	3.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	4.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	5.04

References

lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html

marc.info/?l=apache-modssl&m=112569517603897&w=2

marc.info/?l=bugtraq&m=112604765028607&w=2

marc.info/?l=bugtraq&m=112870296926652&w=2

people.apache.org/~jorton/CAN-2005-2700.diff

secunia.com/advisories/16700

secunia.com/advisories/16705

secunia.com/advisories/16714

secunia.com/advisories/16743

secunia.com/advisories/16746

secunia.com/advisories/16748

secunia.com/advisories/16753

secunia.com/advisories/16754

secunia.com/advisories/16769

secunia.com/advisories/16771

secunia.com/advisories/16789

secunia.com/advisories/16864

secunia.com/advisories/16956

secunia.com/advisories/17088

secunia.com/advisories/17288

secunia.com/advisories/17311

secunia.com/advisories/17813

secunia.com/advisories/19072

secunia.com/advisories/19073

secunia.com/advisories/21848

secunia.com/advisories/22523

sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1

sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

support.avaya.com/elmodocs2/security/ASA-2006-081.htm

www.debian.org/security/2005/dsa-805

www.debian.org/security/2005/dsa-807

www.gentoo.org/security/en/glsa/glsa-200509-12.xml

www.kb.cert.org/vuls/id/744929

www.mandriva.com/security/advisories?name=MDKSA-2005:161

www.novell.com/linux/security/advisories/2005_51_apache2.html

www.novell.com/linux/security/advisories/2005_52_apache2.html

www.osvdb.org/19188

www.redhat.com/support/errata/RHSA-2005-608.html

www.redhat.com/support/errata/RHSA-2005-773.html

www.redhat.com/support/errata/RHSA-2005-816.html

www.securityfocus.com/bid/14721

www.ubuntu.com/usn/usn-177-1

www.vupen.com/english/advisories/2005/1625

www.vupen.com/english/advisories/2005/2659

www.vupen.com/english/advisories/2006/0789

www.vupen.com/english/advisories/2006/4207

www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167195

lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E

lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E

lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10416

Social References

6.2 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

59.0%

JSON

Related for CVE-2005-2700

openvas31 redhat2 f54 ubuntucve1 debiancve1 httpd1 debian4 nessus15 cert1 centos2 slackware2 osv2 securityvulns1 gentoo1 suse3 ubuntu1