
Apache-SSL < 1.3.29 / 1.53 SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery

High

Synopsis

The remote server is configured to allow a potential bypass of authorization.

Description

The remote host is running a version of Apache-SSL older than 1.3.29/1.53. Such versions are vulnerable to a flaw that may allow an attacker to make the remote server forge a client certificate.

Solution

Upgrade to Apache-SSL version 1.3.29/1.53 or later.