{"vuid":"VU#744929","idnumber":"744929","name":"mod_ssl fails to properly enforce client certificates authentication","keywords":["mod_ssl","authentication bypass","SSLVerifyClient","ssl_engine_kernel.c","ssl_hook_Access","client certificates","Oracle_CPU_Oct_2006"],"overview":"mod_ssl, the Apache web server module for Secure Sockets Layer (SSL) communications, may not properly authenticate client certificates.","clean_desc":"mod_ssl provides Secure Sockets Layer (SSL) communications for the Apache web server. SSL encrypts and authenticates TCP connections. Apache, using mod_ssl, can be configured to authenticate web users with client certificates. The requirement for a client certificate is not enforced if the server or virtual host context sets client authentication to optional (\"SSLVerifyClient optional\") but a narrower context, such as a <Location> block, requires it (\"SSLVerifyClient require\"). In that combination a client that presents no certificate at all can still reach the restricted location.","impact":"An attacker may access web documents in a restricted section of a web site without providing a valid client certificate.","resolution":"Upgrade to mod_ssl 2.8.24 or later, or apply a patch as specified by your vendor.","workarounds":"","sysaffected":"","thanks":"Reported by Joe Orton of Red Hat.","author":"This document was written by Hal Burch.","public":["http://svn.apache.org/viewcvs?rev=264800&view=rev","http://www.mail-archive.com/modssl-users@modssl.org/msg17148.html","http://marc.theaimsgroup.com/?l=apache-modssl&m=112569517603897&w=2","http://secunia.com/advisories/16700/","http://www.osvdb.org/19188","http://www.openpkg.org/security/OpenPKG-SA-2005.017-modssl.html","https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167195","https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167194","http://rhn.redhat.com/errata/RHSA-2005-608.html","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.458879"],"cveids":["CVE-2005-2700"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-09-06T13:07:32Z","publicdate":"2005-08-31T00:00:00Z","datefirstpublished":"2005-09-09T20:37:05Z","dateupdated":"2006-10-18T11:30:43Z","revision":69,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"18","cam_exploitation":"0","cam_internetinfrastructure":"9","cam_population":"13","cam_impact":"11","cam_easeofexploitation":"1","cam_attackeraccessrequired":"20","cam_scorecurrent":"1.447875","cam_scorecurrentwidelyknown":"1.555125","cam_scorecurrentwidelyknownexploited":"2.627625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.447875,"vulnote":null}
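The configuration pattern the note describes, shown as an added example that is not part of the CERT record or of the Apache project's documentation. The first virtual host is the affected combination (optional at the vhost level, required in a Location); the second is an added alternative that does not rely on the per-location upgrade at all, because the certificate is demanded in the initial handshake for the whole vhost. Host names, file paths and the CA organization name are placeholders; the note's own resolution is to upgrade mod_ssl, and this configuration is in addition to that, not a substitute.

```apache
# Added example, not from VU#744929. Placeholders: hostnames, paths, CA names.

# --- Affected pattern: optional for the vhost, required only in a Location ---
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
    SSLCACertificateFile  /etc/ssl/certs/client-ca.crt

    # The handshake succeeds with or without a client certificate.
    SSLVerifyClient optional
    SSLVerifyDepth  2

    # Meant to be reachable only with a valid client certificate.
    # On an unpatched mod_ssl (pre-2.8.24) this "require" is not enforced
    # when the vhost says "optional": a client that sent no certificate
    # is still served content under /secure/.
    <Location /secure/>
        SSLVerifyClient require
    </Location>
</VirtualHost>

# --- Alternative: demand the certificate for the whole vhost ---
# Every request to this vhost must present a certificate that chains to
# client-ca.crt, so there is no optional-to-require transition for
# mod_ssl to get wrong. Content that must stay open to anonymous users
# belongs on a separate vhost (www.example.com above, without the
# Location block).
<VirtualHost *:443>
    ServerName secure.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/secure.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/secure.example.com.key
    SSLCACertificateFile  /etc/ssl/certs/client-ca.crt

    SSLVerifyClient require
    SSLVerifyDepth  2

    <Location /secure/>
        # Refuse plain HTTP for this path even if it is ever exposed on :80.
        SSLRequireSSL
        # Bind access to certificates issued by our own client CA, not to
        # "any certificate in the trust list". The organization name is
        # a placeholder for the issuer DN used in your deployment.
        SSLRequire %{SSL_CLIENT_I_DN_O} eq "Example Corp Client CA"
    </Location>
</VirtualHost>
```

To check whether a server is affected, request the restricted path without offering any client certificate, for example `curl -k -o /dev/null -w '%{http_code}\n' https://www.example.com/secure/` (the hostname is a placeholder). A patched mod_ssl answers 403 Forbidden because the per-location `SSLVerifyClient require` cannot be satisfied; a 200 with the protected content is the bypass this note describes. The `SSLRequire` directive shown is the syntax of the mod_ssl generation this note concerns; current Apache 2.4 releases prefer `Require expr` for the same check.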