Debian Linux Information for VU#744929
mod_ssl fails to properly enforce client certificates authentication
- Vendor Information Help Date Notified: 07 Sep 2005
- Statement Date:
- Date Updated: 12 Sep 2005
For Apache 2.0:
The old stable distribution (woody) does not contain Apache2 packages.
For the stable distribution (sarge) these problems have been fixed in version 2.0.54-5.
For the unstable distribution (sid) these problems have been fixed in version 2.0.54-5.
For Apache 1.3:
For the old stable distribution (woody) this problem has been fixed in version 2.8.9-2.5.
For the stable distribution (sarge) this problem has been fixed in version 2.8.22-1sarge1.
For the unstable distribution (sid) this problem has been fixed in version 2.8.24-1.
The vendor has not provided us with any further information regarding this vulnerability.
Debian Security Advisory DBA-805-1 contains additional details for the apache2 package.
Debian Security Advisory DBA-807-1 contains vulnerability and remediation details for mod_ssl (package name libapache-mod-ssl).
If you have feedback, comments, or additional information about this vulnerability, please send us email.