Description
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2010-0902 Vulnerability (CVE-2010-0902)
Joomla! Core 1.5.x Multiple Cross-Site Scripting Vulnerabilities (1.5.0 - 1.5.20)
WordPress 5.4.x PHP Object Injection (5.4 - 5.4.5)
WordPress Plugin Floating Cart for WooCommerce Security Bypass (1.2.2)
WordPress Plugin Better Search Cross-Site Request Forgery (2.5.2)