Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2005-2700
Last Modified: 07 Mar 2011 09:24:54
Published: 06 Sep 2005 07:03:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-2700

Summary

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

Vulnerable Systems

Operating System

  • Red Hat Enterprise Linux 3.0

  • Red Hat Enterprise Linux 4.0

  • Red Hat Enterprise Linux Desktop 3.0

  • Red Hat Enterprise Linux Desktop 4.0

Application

  • Apache HTTP Server 2.0

  • Apache HTTP Server 2.0.28

  • Apache HTTP Server 2.0.32

  • Apache HTTP Server 2.0.35

  • Apache HTTP Server 2.0.36

  • Apache HTTP Server 2.0.37

  • Apache HTTP Server 2.0.38

  • Apache HTTP Server 2.0.39

  • Apache HTTP Server 2.0.40

  • Apache HTTP Server 2.0.41

  • Apache HTTP Server 2.0.42

  • Apache HTTP Server 2.0.43

  • Apache HTTP Server 2.0.44

  • Apache HTTP Server 2.0.45

  • Apache HTTP Server 2.0.46

  • Apache HTTP Server 2.0.47

  • Apache HTTP Server 2.0.48

  • Apache HTTP Server 2.0.49

  • Apache HTTP Server 2.0.50

  • Apache HTTP Server 2.0.51

  • Apache HTTP Server 2.0.52

  • Apache HTTP Server 2.0.53

  • Apache HTTP Server 2.0.54

  • Apache HTTP Server 2.0.9

  • Apache HTTP Server 2.1

  • Apache HTTP Server 2.1.1

  • Apache HTTP Server 2.1.2

  • Apache HTTP Server 2.1.3

  • Apache HTTP Server 2.1.4

  • Apache HTTP Server 2.1.5

  • Apache HTTP Server 2.1.6

  • mod_ssl 2.0.15

  • mod_ssl 2.1.8

  • mod_ssl 2.2.8

  • mod_ssl 2.3.11

  • mod_ssl 2.4.10

  • mod_ssl 2.5.1

  • mod_ssl 2.6.6

  • mod_ssl 2.7.1

  • mod_ssl 2.8.14

  • mod_ssl 2.8.15

  • mod_ssl 2.8.16

  • mod_ssl 2.8.18

  • mod_ssl 2.8.19

  • mod_ssl 2.8.20

  • mod_ssl 2.8.21

  • mod_ssl 2.8.22

  • mod_ssl 2.8.23

  • mod_ssl 2.8.24


References

CERT-VN - VU#744929

MLIST - [apache-modssl] 20050902 [ANNOUNCE] mod_ssl 2.8.24-1.3.33

CONFIRM - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167195

VUPEN - ADV-2006-4207

VUPEN - ADV-2006-0789

VUPEN - ADV-2005-2659

VUPEN - ADV-2005-1625

BID - 14721

CONFIRM - http://people.apache.org/~jorton/CAN-2005-2700.diff

HP - HPSBUX01232

CONFIRM - http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

UBUNTU - USN-177-1

REDHAT - RHSA-2005:816

REDHAT - RHSA-2005:773

REDHAT - RHSA-2005:608

OSVDB - 19188

SUSE - SUSE-SA:2006:051

SUSE - SUSE-SA:2005:052

SUSE - SUSE-SA:2005:051

MANDRIVA - MDKSA-2005:161

GENTOO - GLSA-200509-12

DEBIAN - DSA-807

DEBIAN - DSA-805

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

SUNALERT - 102198

SUNALERT - 102197

SECUNIA - 22523

SECUNIA - 21848

SECUNIA - 19073

SECUNIA - 19072

SECUNIA - 17813

SECUNIA - 17311

SECUNIA - 17288

SECUNIA - 17088

SECUNIA - 16956

SECUNIA - 16864

SECUNIA - 16789

SECUNIA - 16771

SECUNIA - 16769

SECUNIA - 16754

SECUNIA - 16753

SECUNIA - 16748

SECUNIA - 16746

SECUNIA - 16743

SECUNIA - 16714

SECUNIA - 16705

SECUNIA - 16700

OPENPKG - OpenPKG-SA-2005.017

TRUSTIX - TSLSA-2005-0059

SUSE - SuSE-SA:2006:051

HP - SSRT051043


Last Updated: 27 May 2016 10:40:45