Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:9652
HistorySep 05, 2005 - 12:00 a.m.

mod_ssl "SSLVerifyClient" Security Bypass Security Issue

2005-09-0500:00:00
vulners.com
17
JSON

mod_ssl "SSLVerifyClient" Security Bypass Security Issue

Secunia Advisory: SA16700
Release Date: 2005-09-05

Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch

Software: mod_ssl 2.x

Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.

CVE reference: CAN-2005-2700

Description:
A security issue has been reported in mod_ssl, which potentially can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to an error in enforcing client-based certificate authentication ("SSLVerifyClient require") in per-location context, if "SSLVerifyClient optional" was configured in the global virtual host configuration. This may allow malicious people to bypass client-based certificate authentication and gain unauthorised access to certain web pages.

Solution:
Update to version 2.8.24.
http://www.modssl.org/source/mod_ssl-2.8.24-1.3.33.tar.gz

Provided and/or discovered by:
Reported by vendor.

Related

openvas 31
debiancve 1
httpd 1
redhat 2
f5 4
ubuntucve 1
cve 1
debian 4
nessus 15
cert 1
centos 2
slackware 2
osv 2
gentoo 1
suse 3
ubuntu 1
openvas
openvas
Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
2008-01-17 00:00:00
HP-UX Update for Apache HPSBUX01232
2009-05-05 00:00:00
Slackware Advisory SSA:2005-251-02 mod_ssl
2012-09-11 00:00:00
debiancve
debiancve
CVE-2005-2700
2005-09-06 23:03:00
httpd
httpd
Apache Httpd < 2.0.55 : SSLVerifyClient bypass
2005-08-30 00:00:00
redhat
redhat
(RHSA-2005:773) mod_ssl security update
2005-09-15 00:00:00
(RHSA-2005:608) httpd security update
2005-09-06 00:00:00
f5
f5
K5278 : Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700
2013-03-28 00:00:00
SOL5857 - Client certificate check vulnerability in Apache - CVE-2005-2700
2007-05-16 00:00:00
K5857 : Client certificate check vulnerability in Apache - CVE-2005-2700
2013-03-28 00:00:00
ubuntucve
ubuntucve
CVE-2005-2700
2005-09-06 00:00:00
cve
cve
CVE-2005-2700
2005-09-06 23:03:00
debian
debian
[SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass
2005-09-12 14:21:07
[SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass
2005-09-12 14:21:07
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 18:07:44
nessus
nessus
Debian DSA-807-1 : libapache-mod-ssl - acl restriction bypass
2005-09-13 00:00:00
Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : mod_ssl (SSA:2005-251-02)
2005-10-05 00:00:00
RHEL 2.1 : mod_ssl (RHSA-2005:773)
2005-09-17 00:00:00
cert
cert
mod_ssl fails to properly enforce client certificates authentication
2005-09-09 00:00:00
centos
centos
mod_ssl security update
2005-09-16 00:34:35
httpd, mod_ssl security update
2005-09-06 15:58:02
slackware
slackware
mod_ssl
2005-09-08 15:54:45
slackware-current security updates
2005-09-08 15:55:02
osv
osv
libapache-mod-ssl - acl restriction bypass
2005-09-12 00:00:00
apache2 - several
2005-09-08 00:00:00
gentoo
gentoo
Apache, mod_ssl: Multiple vulnerabilities
2005-09-19 00:00:00
suse
suse
cryptographic problems in apache2
2006-09-08 14:34:17
local command execution, authentication bypass, in apache2
2005-09-16 12:34:21
local command execution, authentication bypass, in apache2
2005-09-12 13:00:50
ubuntu
ubuntu
Apache 2 vulnerabilities
2005-09-07 00:00:00
JSON
Related for SECURITYVULNS:DOC:9652
openvas31debiancve1httpd1redhat2f54ubuntucve1cve1debian4nessus15cert1centos2slackware2osv2gentoo1suse3ubuntu1