Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2005-2700HistorySep 06, 2005 - 11:03 p.m.
CVE-2005-2700
2005-09-0623:03:00
Debian Security Bug Tracker
security-tracker.debian.org
15
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
59.6%
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using “SSLVerifyClient optional” in the global virtual host configuration, does not properly enforce “SSLVerifyClient require” in a per-location context, which allows remote attackers to bypass intended access restrictions.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | apache2 | < 2.0.54-5 | apache2_2.0.54-5_all.deb |
| Debian | 11 | all | apache2 | < 2.0.54-5 | apache2_2.0.54-5_all.deb |
| Debian | 999 | all | apache2 | < 2.0.54-5 | apache2_2.0.54-5_all.deb |
| Debian | 13 | all | apache2 | < 2.0.54-5 | apache2_2.0.54-5_all.deb |
Related
openvas
openvas
HP-UX Update for Apache HPSBUX01232
2009-05-05 00:00:00
Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
2008-01-17 00:00:00
Slackware Advisory SSA:2005-251-02 mod_ssl
2012-09-11 00:00:00
httpd
httpd
Apache Httpd < 2.0.55 : SSLVerifyClient bypass
2005-08-30 00:00:00
f5
f5
SOL5278 - Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700
2007-05-16 00:00:00
K5278 : Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700
2013-03-28 00:00:00
SOL5857 - Client certificate check vulnerability in Apache - CVE-2005-2700
2007-05-16 00:00:00
slackware
slackware
mod_ssl
2005-09-08 15:54:45
slackware-current security updates
2005-09-08 15:55:02
osv
osv
libapache-mod-ssl - acl restriction bypass
2005-09-12 00:00:00
apache2 - several
2005-09-08 00:00:00
securityvulns
securityvulns
mod_ssl "SSLVerifyClient" Security Bypass Security Issue
2005-09-05 00:00:00
redhat
redhat
(RHSA-2005:773) mod_ssl security update
2005-09-15 00:00:00
(RHSA-2005:608) httpd security update
2005-09-06 00:00:00
cve
cve
CVE-2005-2700
2005-09-06 23:03:00
ubuntucve
ubuntucve
CVE-2005-2700
2005-09-06 00:00:00
cert
cert
mod_ssl fails to properly enforce client certificates authentication
2005-09-09 00:00:00
debian
debian
[SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass
2005-09-12 14:21:07
[SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass
2005-09-12 14:21:07
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 18:07:44
nessus
nessus
Debian DSA-807-1 : libapache-mod-ssl - acl restriction bypass
2005-09-13 00:00:00
RHEL 2.1 : mod_ssl (RHSA-2005:773)
2005-09-17 00:00:00
cvelist
cvelist
CVE-2005-2700
2005-09-06 04:00:00
nvd
nvd
CVE-2005-2700
2005-09-06 23:03:00
centos
centos
mod_ssl security update
2005-09-16 00:34:35
httpd, mod_ssl security update
2005-09-06 15:58:02
gentoo
gentoo
Apache, mod_ssl: Multiple vulnerabilities
2005-09-19 00:00:00
suse
suse
local command execution, authentication bypass, in apache2
2005-09-16 12:34:21
cryptographic problems in apache2
2006-09-08 14:34:17
local command execution, authentication bypass, in apache2
2005-09-12 13:00:50
ubuntu
ubuntu
Apache 2 vulnerabilities
2005-09-07 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
59.6%
Related for DEBIANCVE:CVE-2005-2700