CVE-2005-2700
Published 2005-09-06
Severity: critical, score 10 (CVSS 3.1)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | >= 2.0.35 < 2.0.55 | 2.0.55 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | apache2 | < apache2 2.0.54-5 (bookworm) | apache2 2.0.54-5 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
CVSS provenance
nvd: 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
osv: 10.0 CRITICAL