Red Hat, Inc. Information for VU#744929

mod_ssl fails to properly enforce client certificates authentication

Status

Affected

Vendor Statement

Updated Apache httpd packages (for Red Hat Enterprise Linux 3 and 4) and an updated mod_ssl package (for Red Hat Enterprise Linux 2.1) to correct this issue are available at the URL below and by using the Red Hat Network 'up2date' tool.

http://rhn.redhat.com/errata/CAN-2005-2700.html.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Red Hat Security Advisory RHSA-2005:608 contains vulnerability and remediation information for Apache 2.

Red Hat Security Advisory RHSA-2005:773 contains vulnerability and remediation information for the mod_ssl package itself.

For Stronghold, consult RHSA-2005:882.

If you have feedback, comments, or additional information about this vulnerability, please send us email.