Apache-SSL 1.3.28+1.52 and previous versions, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote malicious users to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache-ssl apache-ssl |