FreeBSD : apache24 -- X509 Client certificate based authentication can be bypassed when HTTP/2 is used (e9d1e040-42c9-11e6-9608-20cf30e32f6d)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Apache Software Foundation reports :

The Apache HTTPD web server (from 2.4.18-2.4.20) did not validate an
X509 client certificate correctly when the experimental module for the
HTTP/2 protocol is used to access a resource.

The net result is that a resource that should require a valid client
certificate in order to get access can be accessed without that

See also :

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 91949

Bugtraq ID:

CVE ID: CVE-2016-4979
