Monday, October 18, 2004

Apache mod_ssl SSLCipherSuite Access Validation Vulnerability

Hope everyone had a good weekend.

I am not sure if most of us are aware of this mod_ssl Apache vulnerability.

Apache 2.x mod_ssl is reported prone to an access validation vulnerability. This issue presents itself when mod_ssl is configured to be used with the 'SSLCipherSuite' directive. It is reported that this vulnerability allows a client to use any cipher suite allowed by the virtual host configuration regardless of cipher suites specified for a specific directory. This can allow an attacker to bypass security policies and access potentially sensitive data.

Apache versions 2.0.35 to 2.0.52 are reported vulnerable to this issue.

You can read more about it at the SecurityFocus site here.
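To find out whether a server depends on the per-directory restriction described above, the following added example (not part of the original post or of Apache itself) scans a configuration for `SSLCipherSuite` directives set inside per-directory sections and checks a version string against the affected range given here. The function names and the sample configuration are constructed for illustration.

```python
import re

# Affected range as stated in this post: Apache 2.0.35 through 2.0.52.
AFFECTED_LOW, AFFECTED_HIGH = (2, 0, 35), (2, 0, 52)
PER_DIR_SECTIONS = {"directory", "directorymatch", "location",
                    "locationmatch", "files", "filesmatch"}

def is_affected(version):
    """True if a dotted version string falls inside the affected range."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return AFFECTED_LOW <= parts <= AFFECTED_HIGH

def per_dir_cipher_overrides(conf_text):
    """Return (line_no, section_path, cipher_spec) for every SSLCipherSuite
    set inside a per-directory section, i.e. a policy the flaw can bypass."""
    stack, findings = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        close = re.match(r"</\s*(\w+)\s*>", line)
        opened = re.match(r"<\s*(\w+)\s*([^>]*)>", line)
        if close:
            if stack:
                stack.pop()
        elif opened:
            stack.append((opened.group(1).lower(), opened.group(2).strip()))
        else:
            m = re.match(r"SSLCipherSuite\s+(.+)", line, re.I)
            if m and any(name in PER_DIR_SECTIONS for name, _ in stack):
                path = " > ".join(f"{n} {a}".strip() for n, a in stack)
                findings.append((no, path, m.group(1).strip()))
    return findings

# Constructed sample configuration (not taken from the post).
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH
    <Directory "/var/www/secure">
        SSLCipherSuite HIGH:!aNULL
    </Directory>
</VirtualHost>
"""

if __name__ == "__main__":
    if is_affected("2.0.50"):
        for no, path, spec in per_dir_cipher_overrides(SAMPLE_CONF):
            print(f"line {no}: [{path}] SSLCipherSuite {spec} may not be enforced")
```

Any directory it reports on an affected version is protected only by the virtual host's cipher list, so that list is the one to review until the server is upgraded.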


