Bug#327210: apache2: CAN-2005-2700

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#327210: apache2: CAN-2005-2700
From: Juergen Kreileder <jk@blackdown.de>
Date: Thu, 08 Sep 2005 13:55:56 +0200
Message-id: <[🔎] 87acinlqnn.fsf@blackdown.de>
Reply-to: Juergen Kreileder <jk@blackdown.de>, 327210@bugs.debian.org

Package: apache2
Version: 2.0.54-4
Severity: critical
Tags: security, fixed-upstream

See http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700

,----
| ssl_engine_kernel.c in mod_ssl before 2.8.24, when using
| "SSLVerifyClient optional" in the global virtual host configuration,
| does not properly enforce "SSLVerifyClient require" in a per-location
| context, which allows remote attackers to bypass intended access
| restrictions.
`----


        Juergen

-- 
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/

Reply to:

Follow-Ups:
- Bug#327210: apache2: CAN-2005-2700
  - From: Adam Conrad <adconrad@0c3.net>
- Bug#327210: marked as done (apache2: CAN-2005-2700)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#327193: mod_autoindex overrides the viewer's browser default colors
Next by Date: Bug#327210: apache2: CAN-2005-2700
Previous by thread: Bug#327193: mod_autoindex overrides the viewer's browser default colors
Next by thread: Bug#327210: apache2: CAN-2005-2700
Index(es):
- Date
- Thread