Description
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
Remediation
References
Related Vulnerabilities
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.8)
WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5)
WordPress Plugin Powerplay Gallery 'upload.php' Arbitrary File Upload (3.2)
MySQL CVE-2017-3458 Vulnerability (CVE-2017-3458)
WordPress Plugin Infusionsoft Gravity Forms Add-on Cross-Site Scripting (1.5.11)