Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
httpdApache Team FoundationHTTPD:5AE0DECCB3632DACD24792909DC01D94
HistoryAug 30, 2005 - 12:00 a.m.

Apache Httpd < 2.0.55 : SSLVerifyClient bypass

2005-08-3000:00:00
Apache Team Foundation
httpd.apache.org
20

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

59.6%

JSON

A flaw in the mod_ssl handling of the “SSLVerifyClient” directive. This flaw would occur if a virtual host has been configured using “SSLVerifyClient optional” and further a directive “SSLVerifyClient required” is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting.

Related

openvas 31
debiancve 1
nvd 1
nessus 15
centos 2
f5 4
redhat 2
cve 1
ubuntucve 1
cert 1
debian 4
cvelist 1
slackware 2
osv 2
securityvulns 1
gentoo 1
suse 3
ubuntu 1
openvas
openvas
HP-UX Update for Apache HPSBUX01232
2009-05-05 00:00:00
Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-807-1)
2008-01-17 00:00:00
debiancve
debiancve
CVE-2005-2700
2005-09-06 23:03:00
nvd
nvd
CVE-2005-2700
2005-09-06 23:03:00
nessus
nessus
RHEL 2.1 : mod_ssl (RHSA-2005:773)
2005-09-17 00:00:00
Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : mod_ssl (SSA:2005-251-02)
2005-10-05 00:00:00
Debian DSA-807-1 : libapache-mod-ssl - acl restriction bypass
2005-09-13 00:00:00
centos
centos
mod_ssl security update
2005-09-16 00:34:35
httpd, mod_ssl security update
2005-09-06 15:58:02
f5
f5
K5278 : Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700
2013-03-28 00:00:00
SOL5857 - Client certificate check vulnerability in Apache - CVE-2005-2700
2007-05-16 00:00:00
K5857 : Client certificate check vulnerability in Apache - CVE-2005-2700
2013-03-28 00:00:00
redhat
redhat
(RHSA-2005:773) mod_ssl security update
2005-09-15 00:00:00
(RHSA-2005:608) httpd security update
2005-09-06 00:00:00
cve
cve
CVE-2005-2700
2005-09-06 23:03:00
ubuntucve
ubuntucve
CVE-2005-2700
2005-09-06 00:00:00
cert
cert
mod_ssl fails to properly enforce client certificates authentication
2005-09-09 00:00:00
debian
debian
[SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass
2005-09-12 14:21:07
[SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass
2005-09-12 14:21:07
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 18:07:44
cvelist
cvelist
CVE-2005-2700
2005-09-06 04:00:00
slackware
slackware
mod_ssl
2005-09-08 15:54:45
slackware-current security updates
2005-09-08 15:55:02
osv
osv
libapache-mod-ssl - acl restriction bypass
2005-09-12 00:00:00
apache2 - several
2005-09-08 00:00:00
securityvulns
securityvulns
mod_ssl &quot;SSLVerifyClient&quot; Security Bypass Security Issue
2005-09-05 00:00:00
gentoo
gentoo
Apache, mod_ssl: Multiple vulnerabilities
2005-09-19 00:00:00
suse
suse
local command execution, authentication bypass, in apache2
2005-09-16 12:34:21
cryptographic problems in apache2
2006-09-08 14:34:17
local command execution, authentication bypass, in apache2
2005-09-12 13:00:50
ubuntu
ubuntu
Apache 2 vulnerabilities
2005-09-07 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

59.6%

JSON
Related for HTTPD:5AE0DECCB3632DACD24792909DC01D94
openvas31debiancve1nvd1nessus15centos2f54redhat2cve1ubuntucve1cert1debian4cvelist1slackware2osv2securityvulns1gentoo1suse3ubuntu1