Bug#327210: apache2: CAN-2005-2700
Package: apache2
Version: 2.0.54-4
Severity: critical
Tags: security, fixed-upstream
See http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
,----
| ssl_engine_kernel.c in mod_ssl before 2.8.24, when using
| "SSLVerifyClient optional" in the global virtual host configuration,
| does not properly enforce "SSLVerifyClient require" in a per-location
| context, which allows remote attackers to bypass intended access
| restrictions.
`----
Juergen
--
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/
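
An added example, not part of the original report and not Apache or Debian code: a small Python audit that scans configuration text for the pattern the advisory describes, a server- or vhost-level `SSLVerifyClient optional` combined with a per-location `SSLVerifyClient require`. The function name, the sample configuration, the inclusion of `<Directory>`/`<Files>` containers and the fallback of a vhost to the main-server value are assumptions of this example.

```python
import re

# Treating <Directory>/<Files> like <Location> is an assumption of this example.
PER_DIR = {"location", "locationmatch", "directory", "directorymatch", "files", "filesmatch"}
OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"</\s*(\w+)\s*>")
VERIFY = re.compile(r"SSLVerifyClient\s+(\S+)", re.I)

# Constructed sample configuration, not taken from the bug report.
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLVerifyClient optional
    <Location /private>
        SSLVerifyClient require
    </Location>
</VirtualHost>
<VirtualHost *:8443>
    SSLVerifyClient none
    <Location /admin>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""

def find_affected_locations(conf_text):
    """Return (line_no, container) for each per-location 'require' whose
    enclosing server or vhost sets 'SSLVerifyClient optional'."""
    stack, server_level, requires = [], {}, []
    vhost_id, vhost_count = None, 0      # vhost_id None = main server
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if CLOSE.match(line):
            if stack and stack.pop()[0].lower() == "virtualhost":
                vhost_id = None
        elif (m := OPEN.match(line)):
            stack.append((m.group(1), m.group(2).strip()))
            if m.group(1).lower() == "virtualhost":
                vhost_count += 1
                vhost_id = vhost_count
        elif (m := VERIFY.match(line)):
            value = m.group(1).lower()
            per_dir = [s for s in stack if s[0].lower() in PER_DIR]
            if not per_dir:
                server_level[vhost_id] = value       # server/vhost-level setting
            elif value == "require":
                requires.append((line_no, " ".join(per_dir[-1]), vhost_id))
    # A vhost without its own setting falls back to the main-server value.
    return [(n, c) for n, c, v in requires
            if server_level.get(v, server_level.get(None)) == "optional"]
```

Any location it reports should be checked against the installed mod_ssl version, since the advisory ties the bypass to unfixed builds.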