Vulnerability Name:

CVE-2005-2700 (CCN-22149)

Assigned:2005-08-30
Published:2005-08-30
Updated:2023-02-13
Summary:
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: SGI Security Advisory Number 2005090101-U
SGI Advanced Linux Environment 3 Security Update #46

Source: MITRE
Type: CNA
CVE-2005-2700

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2005:982
Fix for security vulnerabilities in apache

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2005-608
httpd security update

Source: CCN
Type: RHSA-2005-773
mod_ssl security update

Source: CCN
Type: RHSA-2005-816
apache

Source: CCN
Type: SA16700
mod_ssl "SSLVerifyClient" Security Bypass Security Issue

Source: CCN
Type: SA16956
Avaya Products httpd/mod_ssl Vulnerabilities

Source: CCN
Type: SA17088
HP-UX Apache mod_ssl "SSLVerifyClient" Security Bypass Security Issue

Source: CCN
Type: SA17311
Red Hat Stronghold Multiple Vulnerabilities

Source: CCN
Type: SA17813
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: CCN
Type: SA19072
Sun Solaris Multiple Apache2 Vulnerabilities

Source: CCN
Type: SA19073
Sun Solaris Multiple Apache Vulnerabilities

Source: CCN
Type: SA22523
IBM HMC Apache2 / OpenSSL Vulnerabilities

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: The Apache HTTP Server Project Web site
Apache HTTP Server 2.0.55 Released

Source: CCN
Type: CIAC INFORMATION BULLETIN P-301
httpd Security Update

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: DEBIAN
Type: DSA-805
apache2 -- several vulnerabilities

Source: DEBIAN
Type: DSA-807
libapache-mod-ssl -- acl restriction bypass

Source: CCN
Type: GLSA-200509-12
Apache, mod_ssl: Multiple vulnerabilities

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: US-CERT VU#744929
mod_ssl fails to properly enforce client certificates authentication

Source: secalert@redhat.com
Type: Third Party Advisory, US Government Resource
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: CCN
Type: mod_ssl Web site
mod_ssl: The Apache Interface to OpenSSL

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: CCN
Type: OpenPKG-SA-2005.017
Apache mod_ssl

Source: CCN
Type: OSVDB ID: 19188
Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: BID-14721
Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: CCN
Type: Slackware-Security Advisory SSA 2005-251-02
mod_ssl

Source: CCN
Type: TLSA-2005-94
Two vulnerabilities discovered in apache

Source: CCN
Type: USN-177-1
Apache 2 vulnerabilities

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Permissions Required
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
modssl-sslverifyclient-bypass-security(22149)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: SUSE
Type: SUSE-SA:2005:052
apache2: local command execution authentication bypass memory consumption

Source: SUSE
Type: SUSE-SA:2006:051
Apache2 SSLVerifyClient problems

Source: CCN
Type: IBM Systems Support Web site
Support for HMC

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  * Denotes that component is vulnerable

    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20052700 | V | CVE-2005-2700 | 2015-11-16
    oval:org.mitre.oval:def:10416 | V | ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. | 2013-04-29
    oval:org.debian:def:807 | V | acl restriction bypass | 2005-09-12
    oval:org.debian:def:805 | V | several vulnerabilities | 2005-09-08
    oval:com.redhat.rhsa:def:20050608 | P | RHSA-2005:608: httpd security update (Important) | 2005-09-06