Description
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
Remediation
References
Related Vulnerabilities
Jboss EAP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-14721)
WordPress Plugin FireCask Like & Share Button Cross-Site Scripting (1.1.5)
WordPress Plugin MP3-jPlayer Multiple Cross-Site Request Forgery Vulnerabilities (2.7.3)
WordPress Plugin Simple Slider 'New Image' Field Cross-Site Scripting (1.0)
WordPress Plugin Infographic Maker-iList Unspecified Vulnerability (2.7.0)