CVE-2005-2700

EPSS 15.1%

libapache-mod-ssl - acl restriction bypass

Published: 9/6/2005Modified: 4/28/2026

Also known as:DEBIAN-CVE-2005-2700

Description

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

Affected packages (2)

Debian/apache2from 0, < 2.0.54-5
Debian/libapache-mod-sslfrom 0, < 2.8.9-2.5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2005-2700