Apache: >> Mod-Gnutls Security Vulnerabilities
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate.
CVSS Score
5.0
EPSS Score
0.007
Published
2015-03-13