CVE-2005-2700
Publication date 6 September 2005
Last updated 24 July 2024
Ubuntu priority
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
Status
Package | Ubuntu Release | Status |
---|---|---|
apache2 | ||
libapache-mod-ssl | ||