FreeBSD Ports: apache+ssl

The remote host is missing an update to the system as announced in the referenced advisory.
Update your system with the appropriate patches or software upgrades.
The following package is affected: apache+ssl If configured with SSLVerifyClient set to 1 or 3 (client certificates optional) and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to use real basic authentication to forge a client certificate. All the attacker needed is the 'one-line DN' of a valid user, as used by faked basic auth in Apache-SSL, and the fixed password ('password' by default).