Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability

Apache 2.x mod_ssl is prone to a restriction-bypass vulnerability that presents itself when mod_ssl is configured to be used with the 'SSLVerifyClient' directive.

This issue allows attackers to bypass security policies to gain access to locations that are configured to be forbidden for clients without a valid client certificate.


Privacy Statement
Copyright 2010, SecurityFocus