CVE-2005-2700 - CVE Reference - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

CVE Reference: CVE-2005-2700

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-2700

Description: ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-177-1 TRUSTIX http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html SUSE http://www.novell.com/linux/security/advisories/2006_51_apache.html http://lists.suse.com/archive/suse-security-announce/2006-Sep/0004.html http://www.novell.com/linux/security/advisories/2005_52_apache2.html http://www.novell.com/linux/security/advisories/2005_51_apache2.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 SAID Secunia Advisory: SA16700 Secunia Advisory: SA16705 Secunia Advisory: SA16714 Secunia Advisory: SA16743 Secunia Advisory: SA16746 Secunia Advisory: SA16748 Secunia Advisory: SA16753 Secunia Advisory: SA16754 Secunia Advisory: SA16769 Secunia Advisory: SA16771 Secunia Advisory: SA16789 Secunia Advisory: SA16864 Secunia Advisory: SA16956 Secunia Advisory: SA17088 Secunia Advisory: SA17288 Secunia Advisory: SA17311 Secunia Advisory: SA17813 Secunia Advisory: SA19072 Secunia Advisory: SA19073 Secunia Advisory: SA21848 Secunia Advisory: SA22523 REDHAT http://www.redhat.com/support/errata/RHSA-2005-816.html http://www.redhat.com/support/errata/RHSA-2005-773.html http://www.redhat.com/support/errata/RHSA-2005-608.html OSVDB 19188 OPENPKG http://marc.theaimsgroup.com/?l=bugtraq&m=112604765028607&w=2 MLIST http://marc.theaimsgroup.com/?l=apache-modssl&m=112569517603897&w=2 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2005:161 HP http://marc.theaimsgroup.com/?l=bugtraq&m=112870296926652&w=2 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml DEBIAN http://www.debian.org/security/2005/dsa-807 http://www.debian.org/security/2005/dsa-805 CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://people.apache.org/~jorton/CAN-2005-2700.diff CERT-VN 744929 BID 14721

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Red Hat update for vsftpd

2.	Red Hat update for rdesktop

3.	Red Hat update for rdesktop

4.	Red Hat update for coreutils

5.	Red Hat update for nss_ldap

6.	Red Hat update for kernel

7.	Red Hat update for mysql

8.	Atom PhotoBlog "photoId" SQL Injection Vulnerability

9.	OpenBSD BIND Query Port DNS Cache Poisoning

10.	Red Hat update for kernel