CVE-2005-2700
Attack vector | UNKNOWN
Attack complexity | UNKNOWN
Privileges required | UNKNOWN
Confidentiality impact | UNKNOWN
Integrity impact | UNKNOWN
Availability impact | UNKNOWN
Summary
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
Nessus
NASL family | SuSE Local Security Checks
NASL id | SUSE_SA_2006_051.NASL
description | The remote host is missing the patch for the advisory SUSE-SA:2006:051 (apache2). The web server Apache2 has been updated to fix several security issues: The security fix for CVE-2005-3357 (denial of service) broke the earlier security fix for SSL verification (CVE-2005-2700). This problem has been corrected. Additionally a cross site scripting bug with the
last seen | 2019-10-28
modified | 2007-02-18
plugin id | 24429
published | 2007-02-18
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/24429
title | SUSE-SA:2006:051: apache2

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2005-848.NASL
description | This update includes two security fixes. An issue was discovered in mod_ssl where
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 19727
published | 2005-09-17
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/19727
title | Fedora Core 3 : httpd-2.0.53-3.3 (2005-848)

NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2005-161.NASL
description | A flaw was discovered in mod_ssl
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 19916
published | 2005-10-05
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/19916
title | Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2005-773.NASL
description | An updated mod_ssl package for Apache that corrects a security issue is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. A flaw was discovered in mod_ssl
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 19714
published | 2005-09-17
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/19714
title | RHEL 2.1 : mod_ssl (RHSA-2005:773)

NASL family | Gentoo Local Security Checks
NASL id | GENTOO_GLSA-200509-12.NASL
description | The remote host is affected by the vulnerability described in GLSA-200509-12 (Apache, mod_ssl: Multiple vulnerabilities) mod_ssl contains a security issue when
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 19811
published | 2005-10-05
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/19811
title | GLSA-200509-12 : Apache, mod_ssl: Multiple vulnerabilities

NASL family | CentOS Local Security Checks
NASL id | CENTOS_RHSA-2005-608.NASL
description | Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was discovered in mod_ssl
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 21845
published | 2006-07-03
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/21845
title | CentOS 3 / 4 : httpd (CESA-2005:608)

NASL family | Ubuntu Local Security Checks
NASL id | UBUNTU_USN-177-1.NASL
description | Apache did not honour the
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 20587
published | 2006-01-15
reporter | Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/20587
title | Ubuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1)

NASL family | Debian Local Security Checks
NASL id | DEBIAN_DSA-807.NASL
description | A problem has been discovered in mod_ssl, which provides strong cryptography (HTTPS support) for Apache that allows remote attackers to bypass access restrictions.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 19682
published | 2005-09-13
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/19682
title | Debian DSA-807-1 : libapache-mod-ssl - acl restriction bypass

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2005-849.NASL
description | This update includes two security fixes. An issue was discovered in mod_ssl where
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 19728
published | 2005-09-17
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/19728
title | Fedora Core 4 : httpd-2.0.54-10.2 (2005-849)

NASL family | NewStart CGSL Local Security Checks
NASL id | NEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL
description | The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities:
- Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. (CVE-2005-1268)
- The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding: chunked header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka HTTP Request Smuggling. (CVE-2005-2088)
- ssl_engine_kernel.c in mod_ssl before 2.8.24, when using SSLVerifyClient optional in the global virtual host configuration, does not properly enforce SSLVerifyClient require in a per-location context, which allows remote attackers to bypass intended access restrictions. (CVE-2005-2700)
- The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. (CVE-2005-2728)
- Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. (CVE-2005-3352)
- mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. (CVE-2005-3357)
- The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555)
- The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452)
- fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. (CVE-2011-3638)
- It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
- It was discovered that the use of httpd
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 127360
published | 2019-08-12
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/127360
title | NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)

NASL family | Slackware Local Security Checks
NASL id | SLACKWARE_SSA_2005-251-02.NASL
description | New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. If
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 19862
published | 2005-10-05
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/19862
title | Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : mod_ssl (SSA:2005-251-02)

NASL family | MacOS X Local Security Checks
NASL id | MACOSX_SECUPD2005-009.NASL
description | The remote host is running Apple Mac OS X, but lacks Security Update 2005-009. This security update contains fixes for the following applications :
- Apache2
- Apache_mod_ssl
- CoreFoundation
- curl
- iodbcadmintool
- OpenSSL
- passwordserver
- Safari
- sudo
- syslog
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 20249
published | 2005-11-30
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/20249
title | Mac OS X Multiple Vulnerabilities (Security Update 2005-009)

NASL family | Debian Local Security Checks
NASL id | DEBIAN_DSA-805.NASL
description | Several problems have been discovered in Apache2, the next generation, scalable, extendable web server. The Common Vulnerabilities and Exposures project identifies the following problems :
- CAN-2005-1268 Marc Stern discovered an off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback. When Apache is configured to use a CRL this can be used to cause a denial of service.
- CAN-2005-2088 A vulnerability has been discovered in the Apache web server. When it is acting as an HTTP proxy, it allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks, which causes Apache to incorrectly handle and forward the body of the request.
- CAN-2005-2700 A problem has been discovered in mod_ssl, which provides strong cryptography (HTTPS support) for Apache that allows remote attackers to bypass access restrictions.
- CAN-2005-2728 The byte-range filter in Apache 2.0 allows remote attackers to cause a denial of service via an HTTP header with a large Range field.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 19612
published | 2005-09-12
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/19612
title | Debian DSA-805-1 : apache2 - several vulnerabilities

NASL family | Web Servers
NASL id | APACHE_2_0_55.NASL
description | The remote host appears to be running a version of Apache that is prior to 2.0.55. It is, therefore affected by multiple vulnerabilities : - A security issue exists where
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 31656
published | 2008-03-26
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/31656
title | Apache < 2.0.55 Multiple Vulnerabilities

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2005-608.NASL
description | Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was discovered in mod_ssl
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 19673
published | 2005-09-12
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/19673
title | RHEL 3 / 4 : httpd (RHSA-2005:608)
Oval
accepted | 2013-04-29T04:05:28.938-04:00
class | vulnerability
description | ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
family | unix
id | oval:org.mitre.oval:def:10416
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
version | 26
Statements
contributor | Mark J Cox
lastmodified | 2008-07-02
organization | Apache
statement | Fixed in Apache HTTP server 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html
References
- http://people.apache.org/~jorton/CAN-2005-2700.diff
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167195
- http://www.securityfocus.com/bid/14721
- http://www.debian.org/security/2005/dsa-805
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:161
- http://www.debian.org/security/2005/dsa-807
- http://www.redhat.com/support/errata/RHSA-2005-608.html
- http://www.redhat.com/support/errata/RHSA-2005-773.html
- http://www.novell.com/linux/security/advisories/2005_51_apache2.html
- http://www.ubuntu.com/usn/usn-177-1
- http://www.kb.cert.org/vuls/id/744929
- http://www.osvdb.org/19188
- http://secunia.com/advisories/16700
- http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml
- http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
- http://secunia.com/advisories/16705
- http://secunia.com/advisories/16714
- http://secunia.com/advisories/16743
- http://secunia.com/advisories/16746
- http://secunia.com/advisories/16748
- http://secunia.com/advisories/16753
- http://secunia.com/advisories/16754
- http://secunia.com/advisories/16769
- http://secunia.com/advisories/16771
- http://secunia.com/advisories/16789
- http://secunia.com/advisories/16864
- http://secunia.com/advisories/16956
- http://secunia.com/advisories/17088
- http://secunia.com/advisories/17288
- http://secunia.com/advisories/17311
- http://secunia.com/advisories/17813
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
- http://secunia.com/advisories/19072
- http://secunia.com/advisories/19073
- http://www.redhat.com/support/errata/RHSA-2005-816.html
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
- http://www.novell.com/linux/security/advisories/2005_52_apache2.html
- http://secunia.com/advisories/21848
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
- http://secunia.com/advisories/22523
- http://www.vupen.com/english/advisories/2006/0789
- http://www.vupen.com/english/advisories/2006/4207
- http://www.vupen.com/english/advisories/2005/1625
- http://www.vupen.com/english/advisories/2005/2659
- http://marc.info/?l=bugtraq&m=112604765028607&w=2
- http://marc.info/?l=bugtraq&m=112870296926652&w=2
- http://marc.info/?l=apache-modssl&m=112569517603897&w=2
- https://lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10416
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E