22 matches found
Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server
🚨Alert🚨Apache Vulnerability 🚨Alert🚨Security Advisory: CVE-2024...
K5278: Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...
CVE-2016-4979
The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple...
CVE-2016-4979
CVE-2016-4979 affects Apache HTTP Server 2.4.18–2.4.20 when mod_http2 and mod_ssl are enabled; it fails to recognize the SSLVerifyClient require directive for HTTP/2 request authorization, enabling bypass of access restrictions by abusing multiple requests on a single connection and renegotiation...
EUVD-2016-5947
The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple...
Slackware: Security Advisory (SSA:2005-251-02)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Mod_SSL SSLVerifyClient Security Mode Bypass Vulnerability
No description provided by source...
FreeBSD Ports: apache+ssl
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SOL5278 - Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700
Apache mod_ssl SSLVerifyClient bypass vulnerability CAN-2005-2700. Information about this advisory is available at the following location:...
Ubuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1)
Apache did not honour the 'SSLVerifyClient require' directive within a block if the surrounding block contained a directive 'SSLVerifyClient optional'. This allowed clients to bypass client certificate validation on servers with the above configuration. (CAN-2005-2700) Filip Sneppe discovered a...
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)
A flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient' directive. This flaw occurs if a virtual host is configured using 'SSLVerifyClient optional' and a directive 'SSLVerifyClient required' is set for a specific location. For servers configured in this fashion, an attacker may be ab...
Fedora Core 4 : httpd-2.0.54-10.2 (2005-849)
This update includes two security fixes. An issue was discovered in mod_ssl where 'SSLVerifyClient require' would not be honoured in location context if the virtual host had 'SSLVerifyClient optional' configured (CVE-2005-2700). An issue was discovered in memory consumption of the byterange filter f...
mod_ssl
New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. If "SSLVerifyClient optional" was configured in the global section of the config file, it could improperly override "SSLVerifyClient require" in a per-location section. More details...
CVE-2005-2700
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions...
CVE-2005-2700
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2005:608 Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is ...
Important: Red Hat Security Advisory: httpd security update
Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw...
CVE-2005-2700
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions...
CVE-2005-2700
This CVE concerns the Apache mod_ssl module (ssl_engine_kernel.c) where configuring SSLVerifyClient optional at global vhost level fails to enforce SSLVerifyClient require in per-location contexts. Attackers could bypass intended access restrictions by omitting a client certificate. Affected comp...
Apache Httpd < 2.0.55 : SSLVerifyClient bypass
A flaw in the mod_ssl handling of the "SSLVerifyClient" directive. This flaw would occur if a virtual host has been configured using "SSLVerifyClient optional" and further a directive "SSLVerifyClient required" is set for a specific location. For servers configured in this fashion, an attacker may...