Package: apache2
Version: 2.0.54-4
Severity: critical
Tags: security, fixed-upstream

See http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700

,----
| ssl_engine_kernel.c in mod_ssl before 2.8.24, when using
| "SSLVerifyClient optional" in the global virtual host configuration,
| does not properly enforce "SSLVerifyClient require" in a per-location
| context, which allows remote attackers to bypass intended access
| restrictions.
`----

Juergen

-- 
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/
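
The configuration pattern named in the CVE text (a server- or vhost-level "SSLVerifyClient optional" combined with a per-location "SSLVerifyClient require") can be located in an existing httpd configuration with a short audit script. This is an added example, not part of the original report and not Apache or mod_ssl code; the function name find_affected and the sample configuration are constructed for illustration, and Include directives are not followed.

```python
import re

# Section types that create a per-directory ("per-location") context in httpd.
PER_DIR = {"location", "locationmatch", "directory", "directorymatch", "files"}

def find_affected(conf_text):
    """Return (scope, section) pairs where 'SSLVerifyClient require' is set in a
    per-location section while the enclosing server/vhost scope is 'optional'."""
    stack, scope_mode, requires = [], {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        sec = re.match(r"<\s*(/?)(\w+)\s*([^>]*)>", line)
        if sec:  # track <Section arg> ... </Section> nesting
            if sec.group(1):
                stack = stack[:-1]
            else:
                stack.append((sec.group(2), sec.group(3).strip()))
            continue
        m = re.match(r"SSLVerifyClient\s+(\S+)", line, re.I)
        if not m:
            continue
        vhosts = [arg for kind, arg in stack if kind.lower() == "virtualhost"]
        scope = "vhost " + vhosts[-1] if vhosts else "main server"
        per_dir = [f"<{k} {a}>" for k, a in stack if k.lower() in PER_DIR]
        if not per_dir:
            scope_mode[scope] = m.group(1).lower()
        elif m.group(1).lower() == "require":
            requires.append((scope, per_dir[-1]))
    # A vhost with no setting of its own inherits the main server value.
    main = scope_mode.get("main server")
    return [(s, p) for s, p in requires if scope_mode.get(s, main) == "optional"]

# Constructed sample configuration (not taken from the report).
SAMPLE = """
<VirtualHost *:443>
    SSLVerifyClient optional
    <Location /private>
        SSLVerifyClient require
    </Location>
</VirtualHost>
<VirtualHost *:8443>
    SSLVerifyClient none
    <Location /admin>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""

if __name__ == "__main__":
    for scope, section in find_affected(SAMPLE):
        print(f"{scope}: {section} relies on per-location 'require'")
```

A hit only identifies the configuration pattern; whether access restrictions are actually bypassable depends on whether the installed mod_ssl carries the upstream fix.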