CVE-2005-2700

Publication date 6 September 2005

Last updated 24 July 2024

Ubuntu priority

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using “SSLVerifyClient optional” in the global virtual host configuration, does not properly enforce “SSLVerifyClient require” in a per-location context, which allows remote attackers to bypass intended access restrictions.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
apache2	7.04 feisty	Fixed 2.2.3-3.2ubuntu0.1
	6.10 edgy	Fixed 2.0.55-4ubuntu4.1
	6.06 LTS dapper	Fixed 2.0.55-4ubuntu2.2
libapache-mod-ssl	7.04 feisty	Fixed 2.8.25-1
	6.10 edgy	Fixed 2.8.25-1
	6.06 LTS dapper	Fixed 2.8.25-1

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-177-1
Apache 2 vulnerabilities
7 September 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-2700