// For flags

CVE-2005-2700

 

Severity Score

9.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-08-26 CVE Reserved
  • 2005-09-06 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (62)
URL Tag Source
http://marc.info/?l=apache-modssl&m=112569517603897&w=2 Mailing List
http://secunia.com/advisories/16700 Not Applicable
http://secunia.com/advisories/16705 Not Applicable
http://secunia.com/advisories/16714 Not Applicable
http://secunia.com/advisories/16743 Not Applicable
http://secunia.com/advisories/16746 Not Applicable
http://secunia.com/advisories/16748 Not Applicable
http://secunia.com/advisories/16753 Not Applicable
http://secunia.com/advisories/16754 Not Applicable
http://secunia.com/advisories/16769 Not Applicable
http://secunia.com/advisories/16771 Not Applicable
http://secunia.com/advisories/16789 Not Applicable
http://secunia.com/advisories/16864 Not Applicable
http://secunia.com/advisories/16956 Not Applicable
http://secunia.com/advisories/17088 Not Applicable
http://secunia.com/advisories/17288 Not Applicable
http://secunia.com/advisories/17311 Not Applicable
http://secunia.com/advisories/17813 Not Applicable
http://secunia.com/advisories/19072 Not Applicable
http://secunia.com/advisories/19073 Not Applicable
http://secunia.com/advisories/21848 Not Applicable
http://secunia.com/advisories/22523 Not Applicable
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm Third Party Advisory
http://www.kb.cert.org/vuls/id/744929 Third Party Advisory
http://www.osvdb.org/19188 Broken Link
http://www.securityfocus.com/bid/14721 Third Party Advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 Broken Link
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167195 Issue Tracking
https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10416 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html 2023-02-13
http://marc.info/?l=bugtraq&m=112604765028607&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=112870296926652&w=2 2023-02-13
http://people.apache.org/~jorton/CAN-2005-2700.diff 2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 2023-02-13
http://www.debian.org/security/2005/dsa-805 2023-02-13
http://www.debian.org/security/2005/dsa-807 2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml 2023-02-13
http://www.mandriva.com/security/advisories?name=MDKSA-2005:161 2023-02-13
http://www.novell.com/linux/security/advisories/2005_51_apache2.html 2023-02-13
http://www.novell.com/linux/security/advisories/2005_52_apache2.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2005-608.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2005-773.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2005-816.html 2023-02-13
http://www.ubuntu.com/usn/usn-177-1 2023-02-13
https://lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.html 2023-02-13
https://access.redhat.com/security/cve/CVE-2005-2700 2005-12-19
https://bugzilla.redhat.com/show_bug.cgi?id=1617741 2005-12-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 >= 2.0.35 < 2.0.55
Search vendor "Apache" for product "Http Server" and version " >= 2.0.35 < 2.0.55"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 3.0
Search vendor "Debian" for product "Debian Linux" and version "3.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 3.1
Search vendor "Debian" for product "Debian Linux" and version "3.1"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 4.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "4.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 5.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "5.04"
-
Affected