Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the one-line DN of the target user.

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Apache-ssl | Apache-ssl | * | 1.3.28_1.52 (including) |
| Apache | Ubuntu | dapper | * |
| Apache | Ubuntu | edgy | * |
| Apache | Ubuntu | feisty | * |