The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and previous versions does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote malicious users to spoof clients via a crafted certificate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache mod-gnutls |