CVE-2005-2700
EPSS 15.1%libapache-mod-ssl - acl restriction bypass
發布日:2005/9/6修改日:2026/4/28
描述
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
受影響套件(2)
- Debian/apache2from 0, < 2.0.54-5
- Debian/libapache-mod-sslfrom 0, < 2.8.9-2.5