23 matches found
Apache Httpd < 2.0.53 : SSLCipherSuite bypass
An issue has been discovered in the modssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any...
CVE-2003-0192
Apache 2 before 2.0.47, and certain versions of modssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite...
CVE-2003-0192
CVE-2003-0192 describes an issue in Apache 2.x before 2.0.47 (and mod_ssl for Apache 1.3) where certain sequences of per-directory renegotiations combined with using SSLCipherSuite to upgrade a weak cipher could cause the server to continue using a weak cipher. The connected advisories confirm af...