BSA-2017-105
21638
07 February 2017
03 January 2017
Closed
High
9.1
N/A
CVE-2016-4979
Summary Security Advisory ID : BSA-2017-105 Component : Apache HTTPD Revision : 2.0: Final
The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.
Products Confirmed Not Vulnerable
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Revision History
Version |
Change |
Date |
---|---|---|
1.0 |
Initial Publication |
Jan 3, 2017 |
2.0 |
Updated for Fabric OS |
Feb 7, 2018 |