CVE Vulnerabilities

CVE-2004-0009

Published: Mar 03, 2004 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the one-line DN of the target user.

Affected Software

Name Vendor Start Version End Version
Apache-ssl Apache-ssl * 1.3.28_1.52 (including)
Apache Ubuntu dapper *
Apache Ubuntu edgy *
Apache Ubuntu feisty *

References