CVE - CVE-2005-2700

CVE-ID
CVE-2005-2700	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:102197 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1~~ (Obsolete source) MISC:102198 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1~~ (Obsolete source) MISC:14721 URL:http://www.securityfocus.com/bid/14721 MISC:16700 URL:http://secunia.com/advisories/16700 MISC:16705 URL:http://secunia.com/advisories/16705 MISC:16714 URL:http://secunia.com/advisories/16714 MISC:16743 URL:http://secunia.com/advisories/16743 MISC:16746 URL:http://secunia.com/advisories/16746 MISC:16748 URL:http://secunia.com/advisories/16748 MISC:16753 URL:http://secunia.com/advisories/16753 MISC:16754 URL:http://secunia.com/advisories/16754 MISC:16769 URL:http://secunia.com/advisories/16769 MISC:16771 URL:http://secunia.com/advisories/16771 MISC:16789 URL:http://secunia.com/advisories/16789 MISC:16864 URL:http://secunia.com/advisories/16864 MISC:16956 URL:http://secunia.com/advisories/16956 MISC:17088 URL:http://secunia.com/advisories/17088 MISC:17288 URL:http://secunia.com/advisories/17288 MISC:17311 URL:http://secunia.com/advisories/17311 MISC:17813 URL:http://secunia.com/advisories/17813 MISC:19072 URL:http://secunia.com/advisories/19072 MISC:19073 URL:http://secunia.com/advisories/19073 MISC:19188 URL:~~http://www.osvdb.org/19188~~ (Obsolete source) MISC:21848 URL:http://secunia.com/advisories/21848 MISC:22523 URL:http://secunia.com/advisories/22523 MISC:ADV-2005-1625 URL:~~http://www.vupen.com/english/advisories/2005/1625~~ (Obsolete source) MISC:ADV-2005-2659 URL:~~http://www.vupen.com/english/advisories/2005/2659~~ (Obsolete source) MISC:ADV-2006-0789 URL:~~http://www.vupen.com/english/advisories/2006/0789~~ (Obsolete source) MISC:ADV-2006-4207 URL:~~http://www.vupen.com/english/advisories/2006/4207~~ (Obsolete source) MISC:DSA-805 URL:http://www.debian.org/security/2005/dsa-805 MISC:DSA-807 URL:http://www.debian.org/security/2005/dsa-807 MISC:GLSA-200509-12 URL:http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml MISC:HPSBUX01232 URL:http://marc.info/?l=bugtraq&m=112870296926652&w=2 MISC:MDKSA-2005:161 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2005:161~~ (Obsolete source) MISC:OpenPKG-SA-2005.017 URL:http://marc.info/?l=bugtraq&m=112604765028607&w=2 MISC:RHSA-2005:608 URL:http://www.redhat.com/support/errata/RHSA-2005-608.html MISC:RHSA-2005:773 URL:http://www.redhat.com/support/errata/RHSA-2005-773.html MISC:RHSA-2005:816 URL:http://www.redhat.com/support/errata/RHSA-2005-816.html MISC:SSRT051043 URL:http://marc.info/?l=bugtraq&m=112870296926652&w=2 MISC:SUSE-SA:2005:051 URL:http://www.novell.com/linux/security/advisories/2005_51_apache2.html MISC:SUSE-SA:2005:052 URL:http://www.novell.com/linux/security/advisories/2005_52_apache2.html MISC:SuSE-SA:2006:051 URL:https://lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.html MISC:TSLSA-2005-0059 URL:~~http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html~~ (Obsolete source - check if archived by the Wayback Machine) MISC:USN-177-1 URL:http://www.ubuntu.com/usn/usn-177-1 MISC:VU#744929 URL:http://www.kb.cert.org/vuls/id/744929 MISC:[apache-modssl] 20050902 [ANNOUNCE] mod_ssl 2.8.24-1.3.33 URL:http://marc.info/?l=apache-modssl&m=112569517603897&w=2 MISC:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/ URL:https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-dev] 20190804 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t URL:https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E MISC:[httpd-dev] 20190806 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t URL:https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E MISC:http://people.apache.org/~jorton/CAN-2005-2700.diff URL:http://people.apache.org/~jorton/CAN-2005-2700.diff MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm MISC:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 URL:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167195 URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167195 MISC:oval:org.mitre.oval:def:10416 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10416
Assigning CNA
Red Hat, Inc.
Date Record Created
20050826	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050826)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)