Apache – CVE-2005-2700

Description

Kayran has detected a flaw in the mod_ssl handling of the “SSLVerifyClient” directive.
This flaw would occur if a virtual host has been configured using “SSLVerifyClient optional” and further a directive “SSLVerifyClient required” is set for a specific location.
Also known as CVE-2005-2700.

By using the “SSLVerifyClient optional” in the global virtual host configuration, does not properly enforce “SSLVerifyClient require” in a per-location context.
That will allow remote attackers to bypass restrictions and gain access to resources that should be protected (Information Disclosure).
It can be done since supplying a client certificate when connecting is not needed, therefore, the system’s integrity is compromised.

Recommendation

To prevent CVE-2005-2700, update the version of the Apache httpd being used to 2.0.55 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2700

< Return to all Vulnerabilities

Explaining API

We’ve talked about API’s Vulnerability in here, but i feel like there’s much more to talk about and explain since this is a big and

Read More »

Bug Bounties

As pirates, we all love plundering, we all love raiding, but mostly, we all love bounties, especially Bug Bounties. Let’s talk about it. Bug Bounties

Read More »

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 9000 vulnerabilities.Kayran’s mission is to make

Read More »