National Vulnerability Database (NVD) National Vulnerability Database (CVE-2005-2700)

National Cyber-Alert System

Vulnerability Summary for CVE-2005-2700

Original release date:09/06/2005

Last revised:09/10/2008

Source: US-CERT/NIST

Overview

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Vendor Statments (disclaimer)

Official Statement from Apache (07/02/2008): Fixed in Apache HTTP server 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#744929

Name: VU#744929

Hyperlink:http://www.kb.cert.org/vuls/id/744929

External Source: MLIST

Name: [apache-modssl] 20050902 [ANNOUNCE] mod_ssl 2.8.24-1.3.33

Type: Patch Information

Hyperlink:http://marc.theaimsgroup.com/?l=apache-modssl&m=112569517603897&w=2

External Source: CONFIRM

Name: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167195

Hyperlink:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167195

External Source: BID

Name: 14721

Hyperlink:http://www.securityfocus.com/bid/14721

External Source: CONFIRM

Name: http://people.apache.org/~jorton/CAN-2005-2700.diff

Hyperlink:http://people.apache.org/~jorton/CAN-2005-2700.diff

External Source: CONFIRM

Name: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

Hyperlink:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

External Source: UBUNTU

Name: USN-177-1

Hyperlink:http://www.ubuntu.com/usn/usn-177-1

External Source: REDHAT

Name: RHSA-2005:816

Hyperlink:http://www.redhat.com/support/errata/RHSA-2005-816.html

External Source: REDHAT

Name: RHSA-2005:773

Hyperlink:http://www.redhat.com/support/errata/RHSA-2005-773.html

External Source: REDHAT

Name: RHSA-2005:608

Hyperlink:http://www.redhat.com/support/errata/RHSA-2005-608.html

External Source: OSVDB

Name: 19188

Hyperlink:http://www.osvdb.org/19188

External Source: SUSE

Name: SUSE-SA:2006:051

Hyperlink:http://www.novell.com/linux/security/advisories/2006_51_apache.html

External Source: SUSE

Name: SUSE-SA:2005:052

Hyperlink:http://www.novell.com/linux/security/advisories/2005_52_apache2.html

External Source: SUSE

Name: SUSE-SA:2005:051

Hyperlink:http://www.novell.com/linux/security/advisories/2005_51_apache2.html

External Source: MANDRIVA

Name: MDKSA-2005:161

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2005:161

External Source: GENTOO

Name: GLSA-200509-12

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml

External Source: VUPEN

Name: ADV-2006-4207

Hyperlink:http://www.frsirt.com/english/advisories/2006/4207

External Source: VUPEN

Name: ADV-2006-0789

Hyperlink:http://www.frsirt.com/english/advisories/2006/0789

External Source: VUPEN

Name: ADV-2005-2659

Hyperlink:http://www.frsirt.com/english/advisories/2005/2659

External Source: VUPEN

Name: ADV-2005-1625

Hyperlink:http://www.frsirt.com/english/advisories/2005/1625

External Source: DEBIAN

Name: DSA-807

Hyperlink:http://www.debian.org/security/2005/dsa-807

External Source: DEBIAN

Name: DSA-805

Hyperlink:http://www.debian.org/security/2005/dsa-805

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

External Source: SUNALERT

Name: 102198

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

External Source: SUNALERT

Name: 102197

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1

External Source: SECUNIA

Name: 22523

Hyperlink:http://secunia.com/advisories/22523

External Source: SECUNIA

Name: 21848

Hyperlink:http://secunia.com/advisories/21848

External Source: SECUNIA

Name: 19073

Hyperlink:http://secunia.com/advisories/19073

External Source: SECUNIA

Name: 19072

Hyperlink:http://secunia.com/advisories/19072

External Source: SECUNIA

Name: 17813

Hyperlink:http://secunia.com/advisories/17813

External Source: SECUNIA

Name: 17311

Hyperlink:http://secunia.com/advisories/17311

External Source: SECUNIA

Name: 17288

Hyperlink:http://secunia.com/advisories/17288

External Source: SECUNIA

Name: 17088

Hyperlink:http://secunia.com/advisories/17088

External Source: SECUNIA

Name: 16956

Hyperlink:http://secunia.com/advisories/16956

External Source: SECUNIA

Name: 16864

Hyperlink:http://secunia.com/advisories/16864

External Source: SECUNIA

Name: 16789

Hyperlink:http://secunia.com/advisories/16789

External Source: SECUNIA

Name: 16771

Hyperlink:http://secunia.com/advisories/16771

External Source: SECUNIA

Name: 16769

Hyperlink:http://secunia.com/advisories/16769

External Source: SECUNIA

Name: 16754

Hyperlink:http://secunia.com/advisories/16754

External Source: SECUNIA

Name: 16753

Hyperlink:http://secunia.com/advisories/16753

External Source: SECUNIA

Name: 16748

Hyperlink:http://secunia.com/advisories/16748

External Source: SECUNIA

Name: 16746

Hyperlink:http://secunia.com/advisories/16746

External Source: SECUNIA

Name: 16743

Hyperlink:http://secunia.com/advisories/16743

External Source: SECUNIA

Name: 16714

Hyperlink:http://secunia.com/advisories/16714

External Source: SECUNIA

Name: 16705

Hyperlink:http://secunia.com/advisories/16705

External Source: SECUNIA

Name: 16700

Hyperlink:http://secunia.com/advisories/16700

External Source: HP

Name: HPSBUX01232

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=112870296926652&w=2

External Source: OPENPKG

Name: OpenPKG-SA-2005.017

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=112604765028607&w=2

External Source: TRUSTIX

Name: TSLSA-2005-0059

Hyperlink:http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html

External Source: SUSE

Name: SuSE-SA:2006:051

Hyperlink:http://lists.suse.com/archive/suse-security-announce/2006-Sep/0004.html

Vulnerable software and versions

Configuration 1

* cpe:/a:apache:http_server:2.0

* cpe:/a:apache:http_server:2.0.28

* cpe:/a:apache:http_server:2.0.28:beta

* cpe:/a:apache:http_server:2.0.32

* cpe:/a:apache:http_server:2.0.35

* cpe:/a:apache:http_server:2.0.36

* cpe:/a:apache:http_server:2.0.37

* cpe:/a:apache:http_server:2.0.38

* cpe:/a:apache:http_server:2.0.39

* cpe:/a:apache:http_server:2.0.40

* cpe:/a:apache:http_server:2.0.41

* cpe:/a:apache:http_server:2.0.42

* cpe:/a:apache:http_server:2.0.43

* cpe:/a:apache:http_server:2.0.44

* cpe:/a:apache:http_server:2.0.45

* cpe:/a:apache:http_server:2.0.46

* cpe:/a:apache:http_server:2.0.47

* cpe:/a:apache:http_server:2.0.48

* cpe:/a:apache:http_server:2.0.49

* cpe:/a:apache:http_server:2.0.50

* cpe:/a:apache:http_server:2.0.51

* cpe:/a:apache:http_server:2.0.52

* cpe:/a:apache:http_server:2.0.53

* cpe:/a:apache:http_server:2.0.54

* cpe:/a:apache:http_server:2.0.9

* cpe:/a:apache:http_server:2.1

* cpe:/a:apache:http_server:2.1.1

* cpe:/a:apache:http_server:2.1.2

* cpe:/a:apache:http_server:2.1.3

* cpe:/a:apache:http_server:2.1.4

* cpe:/a:apache:http_server:2.1.5

* cpe:/a:apache:http_server:2.1.6

* cpe:/a:mod_ssl:mod_ssl:2.0.15

* cpe:/a:mod_ssl:mod_ssl:2.1.8

* cpe:/a:mod_ssl:mod_ssl:2.2.8

* cpe:/a:mod_ssl:mod_ssl:2.3.11

* cpe:/a:mod_ssl:mod_ssl:2.4.10

* cpe:/a:mod_ssl:mod_ssl:2.5.1

* cpe:/a:mod_ssl:mod_ssl:2.6.6

* cpe:/a:mod_ssl:mod_ssl:2.7.1

* cpe:/a:mod_ssl:mod_ssl:2.8.14

* cpe:/a:mod_ssl:mod_ssl:2.8.15

* cpe:/a:mod_ssl:mod_ssl:2.8.16

* cpe:/a:mod_ssl:mod_ssl:2.8.18

* cpe:/a:mod_ssl:mod_ssl:2.8.19

* cpe:/a:mod_ssl:mod_ssl:2.8.20

* cpe:/a:mod_ssl:mod_ssl:2.8.21

* cpe:/a:mod_ssl:mod_ssl:2.8.22

* cpe:/a:mod_ssl:mod_ssl:2.8.23

* cpe:/a:mod_ssl:mod_ssl:2.8.24

Configuration 2

* cpe:/o:redhat:enterprise_linux:3.0::advanced_servers

* cpe:/o:redhat:enterprise_linux:3.0::enterprise_server

* cpe:/o:redhat:enterprise_linux:3.0::workstation

* cpe:/o:redhat:enterprise_linux:4.0::advanced_server

* cpe:/o:redhat:enterprise_linux:4.0::enterprise_server

* cpe:/o:redhat:enterprise_linux:4.0::workstation

* cpe:/o:redhat:enterprise_linux_desktop:3.0

* cpe:/o:redhat:enterprise_linux_desktop:4.0

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700