Описание
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.3.34-2ubuntu0.1 |
| devel | DNE | |
| edgy | released | 1.3.34-4ubuntu1 |
| feisty | released | 1.3.34-4ubuntu1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
Связанные уязвимости
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 ...
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
EPSS
7.5 High
CVSS2