Apache – CVE-2005-2700

Description

Kayran has detected a flaw in the mod_ssl handling of the “SSLVerifyClient” directive.
The flaw occurs when a virtual host is configured with “SSLVerifyClient optional” and “SSLVerifyClient require” is additionally set for a specific location.
Also known as CVE-2005-2700.

When “SSLVerifyClient optional” is used in the global virtual host configuration, mod_ssl does not properly enforce “SSLVerifyClient require” in a per-location context.
This allows remote attackers to bypass restrictions and gain access to resources that should be protected (Information Disclosure).
The bypass is possible because the client is not required to supply a client certificate when connecting; as a result, the system’s integrity is compromised.

Severity/Score

CVSS Version 2.0: 10.0 High

Recommendation

To prevent CVE-2005-2700, update Apache httpd to version 2.0.55 or higher.
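
A configuration audit for the pattern described above, as an added example that is not part of the original advisory: it scans Apache configuration text for virtual hosts that set “SSLVerifyClient optional” and also contain a nested Location, Directory or Files section with “SSLVerifyClient require”, and compares a version string against 2.0.55. The sample configuration, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample configuration (assumption, not from a real server).
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:443>
    SSLVerifyClient optional
    <Location /admin>
        SSLVerifyClient require
    </Location>
</VirtualHost>
<VirtualHost 192.0.2.20:443>
    SSLVerifyClient none
    <Location /api>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""

FIXED_IN = (2, 0, 55)  # fixed release named in the recommendation
PER_DIR = ("location", "directory", "files")  # also matches LocationMatch etc.

def needs_upgrade(version):
    """True if an httpd version string such as '2.0.54' is below 2.0.55."""
    return tuple(int(p) for p in version.split(".")[:3]) < FIXED_IN

def find_risky_contexts(conf_text):
    """Return (vhost, section) pairs: vhost-level 'optional' plus nested 'require'."""
    findings, stack, vhost = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.match(r"</\s*(\w+)\s*>", line):            # section close
            if stack:
                stack.pop()
            if m.group(1).lower() == "virtualhost" and vhost:
                findings += [(vhost["name"], c) for c in vhost["require"] if vhost["optional"]]
                vhost = None
        elif m := re.match(r"<\s*(\w+)\s*([^>]*)>", line):     # section open
            kind, arg = m.group(1), m.group(2).strip()
            stack.append(f"{kind} {arg}")
            if kind.lower() == "virtualhost":
                vhost = {"name": arg, "depth": len(stack), "optional": False, "require": []}
        elif vhost and line.lower().startswith("sslverifyclient"):
            val = line.split()[-1].lower()
            if len(stack) == vhost["depth"] and val == "optional":
                vhost["optional"] = True
            elif val == "require" and stack[-1].lower().startswith(PER_DIR):
                vhost["require"].append(stack[-1])
    return findings
```

Findings are evaluated when the virtual host block closes, so the pattern is reported regardless of whether the “optional” line appears before or after the nested section.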

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2700
