CVE-2005-2700 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2005-2700
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-2700

Description: ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-177-1 TRUSTIX http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html SUSE http://www.novell.com/linux/security/advisories/2006_51_apache.html http://lists.suse.com/archive/suse-security-announce/2006-Sep/0004.html http://www.novell.com/linux/security/advisories/2005_52_apache2.html http://www.novell.com/linux/security/advisories/2005_51_apache2.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 SAID Secunia Advisory: SA16700 Secunia Advisory: SA16705 Secunia Advisory: SA16714 Secunia Advisory: SA16743 Secunia Advisory: SA16746 Secunia Advisory: SA16748 Secunia Advisory: SA16753 Secunia Advisory: SA16754 Secunia Advisory: SA16769 Secunia Advisory: SA16771 Secunia Advisory: SA16789 Secunia Advisory: SA16864 Secunia Advisory: SA16956 Secunia Advisory: SA17088 Secunia Advisory: SA17288 Secunia Advisory: SA17311 Secunia Advisory: SA17813 Secunia Advisory: SA19072 Secunia Advisory: SA19073 Secunia Advisory: SA21848 Secunia Advisory: SA22523 REDHAT http://www.redhat.com/support/errata/RHSA-2005-816.html http://www.redhat.com/support/errata/RHSA-2005-773.html http://www.redhat.com/support/errata/RHSA-2005-608.html OSVDB 19188 OPENPKG http://marc.theaimsgroup.com/?l=bugtraq&m=112604765028607&w=2 MLIST http://marc.theaimsgroup.com/?l=apache-modssl&m=112569517603897&w=2 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2005:161 HP http://marc.theaimsgroup.com/?l=bugtraq&m=112870296926652&w=2 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml DEBIAN http://www.debian.org/security/2005/dsa-807 http://www.debian.org/security/2005/dsa-805 CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://people.apache.org/~jorton/CAN-2005-2700.diff CERT-VN 744929 BID 14721

Return to the previous page.