Apache – CVE-2005-2700

Description

Kayran has detected a flaw in the mod_ssl handling of the “SSLVerifyClient” directive.
The flaw occurs when a virtual host is configured with “SSLVerifyClient optional” and a further “SSLVerifyClient require” directive is set for a specific location.
Also known as CVE-2005-2700.

When “SSLVerifyClient optional” is used in the global virtual host configuration, mod_ssl does not properly enforce “SSLVerifyClient require” in a per-location context.
This allows remote attackers to bypass restrictions and gain access to resources that should be protected (Information Disclosure).
The bypass works because a client can connect without supplying a client certificate; therefore, the system’s integrity is compromised.

Recommendation

To prevent CVE-2005-2700, update the version of the Apache httpd being used to 2.0.55 or higher.
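
A configuration audit for the pattern described above, as an added example that is not part of the original advisory: it flags virtual hosts that set “SSLVerifyClient optional” and contain a nested section with “SSLVerifyClient require”. The sample configuration and host name are constructed, and the parser assumes the simple one-directive-per-line section syntax shown.

```python
import re

# Constructed sample configuration for illustration (not from a real server).
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName intranet.example.test
    <Location /admin>
        SSLVerifyClient require
    </Location>
    SSLVerifyClient optional
</VirtualHost>
"""

SECTION_OPEN = re.compile(r"<(\w+)\s*([^>]*)>")

def find_affected_sections(conf_text):
    """Return (ServerName, section) pairs: 'require' nested under a vhost set to 'optional'."""
    findings, stack = [], []        # stack: currently open "<Section arg>" blocks
    # ServerName, vhost-level SSLVerifyClient value, nested sections that set 'require'
    name, mode, pending = None, None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            closed = stack.pop() if stack else ""
            if closed.lower().startswith("virtualhost"):
                # Decide at vhost close so directive order inside the vhost does not matter.
                if mode == "optional":
                    findings += [(name, section) for section in pending]
                name, mode, pending = None, None, []
            continue
        opened = SECTION_OPEN.match(line)
        if opened:
            stack.append(f"{opened.group(1)} {opened.group(2).strip()}")
            continue
        if not stack or not stack[0].lower().startswith("virtualhost"):
            continue                # directive outside any virtual host
        parts = line.split(None, 1)
        directive = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if directive == "servername" and len(stack) == 1:
            name = value
        elif directive == "sslverifyclient":
            if len(stack) == 1:
                mode = value
            elif value == "require":
                pending.append(stack[-1])
    return findings

print(find_affected_sections(SAMPLE_CONF))
```

Any host it reports depends on the per-location requirement being enforced, so it should be running httpd 2.0.55 or higher as recommended above.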

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2700
