[3.4] apache2: X509 Client certificate based authentication can be bypassed when HTTP/2 is used (CVE-2016-4979)| ID: oval:org.secpod.oval:def:1800470 | Date: (C)2018-03-30 (M)2023-12-07 |
| Class: PATCH | Family: unix |
The Apache HTTPD web server did not validate a X509 client certificate correctly when experimental module for the HTTP/2 protocol is used to access a resource. The net result is that a resource that should require a valid client certificate in order to get access can be accessed without that credential. Fixed In Version: 2.4.23
| Platform: |
| Alpine Linux 3.4 |
