Vigil@nce - Apache mod_gnutls: client certificate not checked
March 2015 by Marc Jacob
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use any X.509 certificate if the
GnuTLSClientVerify directive of mod_gnutls is not located in the
directory, in order to access to resources requiring a valid
client certificate.
Impacted products: Apache httpd, Unix (platform)
Severity: 2/4
Creation date: 23/02/2015
DESCRIPTION OF THE VULNERABILITY
The mod_gnutls module can be installed on Apache httpd.
The GnuTLSClientVerify directive can be located in two places: the
server wide configuration, and by directory. However, if the
directory configuration does not contain GnuTLSClientVerify, then
the server wide configuration is ignored.
An attacker can therefore use any X.509 certificate if the
GnuTLSClientVerify directive of mod_gnutls is not located in the
directory, in order to access to resources requiring a valid
client certificate.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-mod-gnutls-client-certificate-not-checked-16238