[3.5] apache2: X509 Client certificate based authentication can be bypassed when HTTP/2 is used (CVE-2016-4979)| ID: oval:org.secpod.oval:def:1800074 | Date: (C)2018-03-28 (M)2023-11-10 |
| Class: PATCH | Family: unix |
The Apache HTTPD web server did not validate a X509 client certificate correctly when experimental module for the HTTP/2 protocol is used to access a resource. The net result is that a resource that should require a valid client certificate in order to get access can be accessed without that credential. Fixed in version 2.4.23
| Platform: |
| Alpine Linux 3.5 |
