Unrated severityNVD Advisory· Published Sep 6, 2005· Updated Apr 16, 2026

CVE-2005-2700

Description

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

Affected products

Apache/HTTP Server
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Range: >=2.0.35,<2.0.55
Canonical/Ubuntu Linux2 versions
cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvdMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
people.apache.org/~jorton/CAN-2005-2700.diffnvdVendor Advisory
support.avaya.com/elmodocs2/security/ASA-2006-081.htmnvdThird Party Advisory
www.debian.org/security/2005/dsa-805nvdThird Party Advisory
www.debian.org/security/2005/dsa-807nvdThird Party Advisory
www.gentoo.org/security/en/glsa/glsa-200509-12.xmlnvdThird Party Advisory
www.kb.cert.org/vuls/id/744929nvdThird Party AdvisoryUS Government Resource
www.redhat.com/support/errata/RHSA-2005-608.htmlnvdThird Party Advisory
www.redhat.com/support/errata/RHSA-2005-773.htmlnvdThird Party Advisory
www.redhat.com/support/errata/RHSA-2005-816.htmlnvdThird Party Advisory
www.securityfocus.com/bid/14721nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/usn-177-1nvdThird Party Advisory
bugzilla.redhat.com/bugzilla/show_bug.cginvdIssue TrackingThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.htmlnvdMailing ListThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10416nvdThird Party Advisory
lists.trustix.org/pipermail/tsl-announce/2005-October/000354.htmlnvdBroken Link
secunia.com/advisories/16700nvdNot Applicable
secunia.com/advisories/16705nvdNot Applicable
secunia.com/advisories/16714nvdNot Applicable
secunia.com/advisories/16743nvdNot Applicable
secunia.com/advisories/16746nvdNot Applicable
secunia.com/advisories/16748nvdNot Applicable
secunia.com/advisories/16753nvdNot Applicable
secunia.com/advisories/16754nvdNot Applicable
secunia.com/advisories/16769nvdNot Applicable
secunia.com/advisories/16771nvdNot Applicable
secunia.com/advisories/16789nvdNot Applicable
secunia.com/advisories/16864nvdNot Applicable
secunia.com/advisories/16956nvdNot Applicable
secunia.com/advisories/17088nvdNot Applicable
secunia.com/advisories/17288nvdNot Applicable
secunia.com/advisories/17311nvdNot Applicable
secunia.com/advisories/17813nvdNot Applicable
secunia.com/advisories/19072nvdNot Applicable
secunia.com/advisories/19073nvdNot Applicable
secunia.com/advisories/21848nvdNot Applicable
secunia.com/advisories/22523nvdNot Applicable
sunsolve.sun.com/search/document.donvdBroken Link
sunsolve.sun.com/search/document.donvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link
www.novell.com/linux/security/advisories/2005_51_apache2.htmlnvdBroken Link
www.novell.com/linux/security/advisories/2005_52_apache2.htmlnvdBroken Link
www.osvdb.org/19188nvdBroken Link
www.vupen.com/english/advisories/2005/1625nvdPermissions Required
www.vupen.com/english/advisories/2005/2659nvdPermissions Required
www.vupen.com/english/advisories/2006/0789nvdPermissions Required
www.vupen.com/english/advisories/2006/4207nvdPermissions Required
www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjdnvdBroken Link
lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3Envd
lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3Envd
lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3Envd
lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3Envd
lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3Envd
lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3Envd
lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3Envd
lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3Envd
lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3Envd
lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3Envd
lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Envd
lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3Envd
lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3Envd
lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Envd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.012
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000