CVE-2005-2700

Published: 06/09/2005 Updated: 13/02/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

ssl_engine_kernel.c in mod_ssl prior to 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote malicious users to bypass intended access restrictions.
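
A defender's check for the configuration layout described in the summary, as an added example that is not part of the original advisory or of mod_ssl: it scans httpd configuration text for a server-level `SSLVerifyClient optional` combined with a nested `SSLVerifyClient require`. The function name, the sample configuration, and the treatment of `Directory` and `Files` sections as per-location contexts are assumptions; a match identifies the layout only and still has to be checked against the installed mod_ssl version.

```python
import re

SECTION_OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
SECTION_CLOSE = re.compile(r"</\s*(\w+)\s*>")
# Assumption: every per-directory section type counts as a "per-location context".
PER_DIR = {"location", "locationmatch", "directory", "directorymatch", "files", "filesmatch"}

# Constructed sample configuration, not taken from any advisory.
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLEngine on
    SSLVerifyClient optional
    <Location /admin>
        SSLVerifyClient require
    </Location>
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
    <Location /secure>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""

def find_affected(conf_text):
    """Return (server scope, section) pairs laid out as CVE-2005-2700 describes."""
    server_mode, required, vhost, stack = {}, [], "main server", []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing, opening = SECTION_CLOSE.fullmatch(line), SECTION_OPEN.fullmatch(line)
        if closing or opening:
            name = (closing or opening).group(1).lower()
            if name == "virtualhost":
                vhost = "main server" if closing else "VirtualHost " + opening.group(2).strip()
            elif name in PER_DIR and closing and stack:
                stack.pop()
            elif name in PER_DIR and opening:
                stack.append(opening.group(1) + " " + opening.group(2).strip())
            continue
        parts = line.split()
        if parts[0].lower() == "sslverifyclient" and len(parts) > 1:
            if not stack:
                server_mode[vhost] = parts[1].lower()   # server-level setting
            elif parts[1].lower() == "require":
                required.append((vhost, stack[-1]))     # per-location 'require'
    main = server_mode.get("main server", "none")       # mod_ssl default is 'none'
    # A virtual host without its own setting inherits the main server's.
    return [(s, sec) for s, sec in required if server_mode.get(s, main) == "optional"]

if __name__ == "__main__":
    for scope, section in find_affected(SAMPLE_CONF):
        print(f"{scope}: <{section}> requires a client certificate under 'optional'")
```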

Vulnerable Product

apache http server

debian debian linux 3.1

debian debian linux 3.0

canonical ubuntu linux 4.10

canonical ubuntu linux 5.04

Vendor Advisories

Apache did not honour the “SSLVerifyClient require” directive within a <Location> block if the surrounding <VirtualHost> block contained a directive “SSLVerifyClient optional”. This allowed clients to bypass client certificate validation on servers with the above configuration (CAN-2005-2700) ...
Synopsis: httpd security update. Type/Severity: Security Advisory: Important. Topic: Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. D ...
Synopsis: mod_ssl security update. Type/Severity: Security Advisory: Important. Topic: An updated mod_ssl package for Apache that corrects a security issue is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Description: The mod_ssl ...
Several problems have been discovered in Apache2, the next generation, scalable, extendable web server. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-1268: Marc Stern discovered an off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback. When Apache is config ...
A problem has been discovered in mod_ssl, which provides strong cryptography (HTTPS support) for Apache that allows remote attackers to bypass access restrictions. For the old stable distribution (woody) this problem has been fixed in version 289-25. For the stable distribution (sarge) this problem has been fixed in version 2822-1sarge1. For t ...
