Description

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

Remediation

References

CVE-2005-2700

Related Vulnerabilities

WordPress Plugin Import XML and RSS Feeds Arbitrary File Upload (2.1.3)

WebLogic CVE-2022-21261 Vulnerability (CVE-2022-21261)

WordPress Other Vulnerability (CVE-2004-1559)

WordPress 4.9.x Cross-Domain Flash Injection Vulnerability (4.9 - 4.9.1)

MediaWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-0372)

Severity

Critical

Classification

CVE-2005-2700

Tags

Missing Update Known Vulnerabilities