2 matches found
DEBIAN-CVE-2019-0190
A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
Apache Httpd < 2.0.47 : mod_ssl renegotiation issue
A bug in the optional renegotiation code in modssl included with Apache httpd can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used SSLOptions +OptRenegotiate along with verification of client certificates and a change to the cipher suite over the...