Description

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

Remediation

References

CVE-2005-2700

Related Vulnerabilities

PHP Other Vulnerability (CVE-2015-6837)

WordPress Plugin Swipe Checkout for eShop Cross-Site Scripting (3.7.0)

MySQL CVE-2016-5437 Vulnerability (CVE-2016-5437)

WordPress Plugin Human Presence Cross-Site Scripting (2.0.8)

WordPress Plugin WP125 Multiple Cross-Site Scripting Vulnerabilities (1.4.4)

Severity

Critical

Classification

CVE-2005-2700

Tags

Missing Update Known Vulnerabilities