CVE-2005-2700

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 19 years ago (2005-09-06 23:03:00)

Last updated 7 years ago (2017-10-11 01:30:00)

Affected Software

Apache Software Foundation Apache HTTP Server 2.0
Apache Software Foundation Apache HTTP Server 2.0.9a
Apache Software Foundation Apache HTTP Server 2.0.28
Apache Software Foundation Apache HTTP Server 2.0.28 Beta
Apache Software Foundation Apache HTTP Server 2.0.32
Apache Software Foundation Apache HTTP Server 2.0.35
Apache Software Foundation Apache HTTP Server 2.0.36
Apache Software Foundation Apache HTTP Server 2.0.37
Apache Software Foundation Apache HTTP Server 2.0.38
Apache Software Foundation Apache HTTP Server 2.0.39
Apache Software Foundation Apache HTTP Server 2.0.40
Apache Software Foundation Apache HTTP Server 2.0.41
Apache Software Foundation Apache HTTP Server 2.0.42
Apache Software Foundation Apache HTTP Server 2.0.43
Apache Software Foundation Apache HTTP Server 2.0.44
Apache Software Foundation Apache HTTP Server 2.0.45
Apache Software Foundation Apache HTTP Server 2.0.46
Apache Software Foundation Apache HTTP Server 2.0.47
Apache Software Foundation Apache HTTP Server 2.0.48
Apache Software Foundation Apache HTTP Server 2.0.49
Apache Software Foundation Apache HTTP Server 2.0.50
Apache Software Foundation Apache HTTP Server 2.0.51
Apache Software Foundation Apache HTTP Server 2.0.52
Apache Software Foundation Apache HTTP Server 2.0.53
Apache Software Foundation Apache HTTP Server 2.0.54
Apache Software Foundation Apache HTTP Server 2.1
Apache Software Foundation Apache HTTP Server 2.1.1
Apache Software Foundation Apache HTTP Server 2.1.2
Apache Software Foundation Apache HTTP Server 2.1.3
Apache Software Foundation Apache HTTP Server 2.1.4
Apache Software Foundation Apache HTTP Server 2.1.5
Apache Software Foundation Apache HTTP Server 2.1.6
Red Hat Desktop 3.0
Red Hat Desktop 4.0

References

TSLSA-2005-0059

[apache-modssl] 20050902 [ANNOUNCE] mod_ssl 2.8.24-1.3.33

OpenPKG-SA-2005.017

SSRT051043

http://people.apache.org/~jorton/CAN-2005-2700.diff

16700

16705

16714

16743

16746

16748

16753

16754

16769

16771

16789

16864

16956

17088

17288

17311

17813

19072

19073

21848

22523

102197

102198

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

DSA-805

DSA-807

GLSA-200509-12

VU#744929 (US Government Resource)

MDKSA-2005:161

SUSE-SA:2005:051

SUSE-SA:2005:052

19188

RHSA-2005:608

RHSA-2005:773

RHSA-2005:816

14721

USN-177-1

ADV-2005-1625

ADV-2005-2659

ADV-2006-0789

ADV-2006-4207

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167195

[httpd-dev] 20190804 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t

[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-dev] 20190806 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t

[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

SuSE-SA:2006:051

oval:org.mitre.oval:def:10416
