BSA-2017-105

Brocade Fabric OS

2 more products

21638

07 February 2017

03 January 2017

Closed

High

9.1

N/A

CVE-2016-4979

Summary

Security Advisory ID : BSA-2017-105

Component : Apache HTTPD

Revision : 2.0: Final


The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.

Products Confirmed Not Vulnerable
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Revision History

Version

Change

Date

1.0

Initial Publication

Jan 3, 2017

2.0

Updated for Fabric OS

 Feb 7, 2018