- Home
- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-200509-12 (Apache, mod_ssl: Multiple vulnerabilities)
mod_ssl contains a security issue when 'SSLVerifyClient optional' is configured in the global virtual host configuration (CAN-2005-2700).
Also, Apache's httpd includes a PCRE library, which makes it vulnerable to an integer overflow (CAN-2005-2491).
Impact :
Under a specific configuration, mod_ssl does not properly enforce the client-based certificate authentication directive, 'SSLVerifyClient require', in a per-location context, which could be potentially used by a remote attacker to bypass some restrictions. By creating a specially crafted '.htaccess' file, a local attacker could possibly exploit Apache's vulnerability, which would result in a local privilege escalation.
Workaround :
There is no known workaround at this time.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top