CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS
Percentile
85.0%
A bug in the optional renegotiation code in mod_ssl included with Apache httpd can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used (SSLOptions +OptRenegotiate) along with verification of client certificates and a change to the cipher suite over the renegotiation.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | apache_httpd | 2.0.46 | cpe:2.3:a:apache:apache_httpd:2.0.46:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.45 | cpe:2.3:a:apache:apache_httpd:2.0.45:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.44 | cpe:2.3:a:apache:apache_httpd:2.0.44:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.43 | cpe:2.3:a:apache:apache_httpd:2.0.43:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.42 | cpe:2.3:a:apache:apache_httpd:2.0.42:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.40 | cpe:2.3:a:apache:apache_httpd:2.0.40:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.39 | cpe:2.3:a:apache:apache_httpd:2.0.39:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.37 | cpe:2.3:a:apache:apache_httpd:2.0.37:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.36 | cpe:2.3:a:apache:apache_httpd:2.0.36:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.35 | cpe:2.3:a:apache:apache_httpd:2.0.35:*:*:*:*:*:*:* |