Endpoint Vulnerability

Apache Httpd - important:TLS/SSL X.509 client certificate auth bypass with HTTP/2(CVE-2016-4979)

Description

For configurations enabling support for HTTP/2, SSL client certificate validation was not enforced if configured, allowing clients unauthorized access to protected resources over HTTP/2.

Affected Products

Apache Httpd

References

CVE-2016-4979,