Published: 03/03/2004 Updated: 10/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote malicious users to forge a client certificate by using basic authentication with the "one-line DN" of the target user.

Affected Products

Vendor Product Versions
Apache-sslApache-ssl1.3.28 1.52