PublicDate: 2005-09-06 23:03:00 UTC
Candidate: CVE-2005-2700
References:
 https://ubuntu.com/security/notices/USN-177-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700
Description:
 ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient
 optional" in the global virtual host configuration, does not properly
 enforce "SSLVerifyClient require" in a per-location context, which allows
 remote attackers to bypass intended access restrictions.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_libapache-mod-ssl: released (2.8.25-1)
edgy_libapache-mod-ssl: released (2.8.25-1)
feisty_libapache-mod-ssl: released (2.8.25-1)
devel_libapache-mod-ssl: DNE
dapper_apache2: released (2.0.55-4ubuntu2.2)
edgy_apache2: released (2.0.55-4ubuntu4.1)
feisty_apache2: released (2.2.3-3.2ubuntu0.1)
devel_apache2: released (2.2.4-3)
upstream_apache2: needs-triage
upstream_libapache-mod-ssl: needs-triage