In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server 2.4.37 |
||
apache http server 2.4.38 |
||
fedoraproject fedora 29 |
||
fedoraproject fedora 30 |