Description
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
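To check whether a server uses the configuration combination described above, the following added example (not part of the original advisory or of mod_ssl) scans Apache configuration text for a per-location `SSLVerifyClient require` whose enclosing server-level context sets `SSLVerifyClient optional`. The function name and the sample configuration are constructed for illustration; the mod_ssl version (before 2.8.24) must be checked separately.

```python
import re

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
<VirtualHost _default_:443>
    SSLEngine on
    SSLVerifyClient optional
    <Location /public>
        SSLVerifyClient none
    </Location>
    <Location /admin>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""

OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")
DIRECTIVE = re.compile(r"SSLVerifyClient\s+(\w+)", re.I)
PER_REQUEST = {"location", "locationmatch", "directory",
               "directorymatch", "files", "filesmatch"}

def find_affected_contexts(conf_text):
    """Return (server, section) pairs where a per-location section sets
    'require' while its server-level context sets 'optional'."""
    stack = []         # currently open sections as (name, argument)
    server_level = {}  # server key -> server-level SSLVerifyClient value
    required = []      # per-location 'require' settings seen so far
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:
            stack.append((m.group(1), m.group(2).strip()))
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        value = m.group(1).lower()
        vhosts = [arg for name, arg in stack if name.lower() == "virtualhost"]
        server = vhosts[-1] if vhosts else "main server"
        per_req = [s for s in stack if s[0].lower() in PER_REQUEST]
        if not per_req:
            server_level[server] = value
        elif value == "require":
            required.append((server, "<%s %s>" % per_req[-1]))
    # Resolve after the full pass so directive order does not matter; a
    # virtual host without its own setting inherits the main server's.
    return [(srv, sec) for srv, sec in required
            if server_level.get(srv, server_level.get("main server")) == "optional"]
```
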
Remediation
References