The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when GnuTLSClientVerify require is set, which allows remote attackers to spoof clients via a crafted certificate.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mod-gnutls | Apache | * | 0.5.1 (including) |