Apache2 mod_ssl SSLCipherSuite Security Bypass

Monday, October 11 2004 @ 09:54 AM EDT

A security issue has been reported in Apache2, which can be exploited by malicious people to bypass certain security restrictions.

The problem is that a client can access a location using any cipher suite allowed by the virtual host configuration even though access to that location has been configured to require a specific set of cipher suites.

Successful exploitation requires that the mod_ssl module has been configured with the "SSLCipherSuite" directive in directory or location context.

The security issue affects versions 2.0.35 through 2.0.52.
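A configuration check for the two conditions described above, added here as an example; it is not part of the original advisory or of Apache's code. It flags `SSLCipherSuite` directives nested inside per-directory containers and tests whether a version string falls in the affected range. The function names, the sample configuration and the sample version banner are constructed for illustration.

```python
import re

# Containers that put a directive in per-directory context in Apache 2.0.
PER_DIR = {"directory", "directorymatch", "location", "locationmatch", "files", "filesmatch"}
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 35), (2, 0, 52)  # range from the advisory

# Constructed sample configuration (not taken from a real server).
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:+LOW
    <Location /secure>
        SSLCipherSuite HIGH:!aNULL
    </Location>
</VirtualHost>
"""

def version_affected(banner):
    """True if the first x.y.z in the string lies in 2.0.35 through 2.0.52."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    return bool(m) and AFFECTED_MIN <= tuple(map(int, m.groups())) <= AFFECTED_MAX

def find_scoped_cipher_suites(conf_text):
    """Return (line_no, enclosing_section, cipher_spec) for every
    SSLCipherSuite directive nested inside a per-directory container."""
    stack, hits = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<\s*(\w+)\s*(.*?)>\s*$", line)
        if re.match(r"</\s*\w+\s*>", line):
            if stack:
                stack.pop()              # leave the innermost section
        elif opened:
            stack.append((opened.group(1).lower(), opened.group(2).strip()))
        else:
            m = re.match(r"SSLCipherSuite\s+(.+)", line, re.I)
            scoped = [s for s in stack if s[0] in PER_DIR]
            if m and scoped:
                hits.append((no, " ".join(scoped[-1]), m.group(1)))
    return hits

def audit(banner, conf_text):
    """Findings only matter when the server version is in the affected range."""
    return find_scoped_cipher_suites(conf_text) if version_affected(banner) else []

if __name__ == "__main__":
    for no, section, spec in audit("Apache/2.0.49", SAMPLE_CONF):
        print(f"line {no}: SSLCipherSuite {spec!r} inside <{section}>")
```

On an affected version, each reported directive marks a location whose cipher restriction is not enforced beyond what the enclosing virtual host allows.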

SOFTWARE:
Apache 2.0.x

SOLUTION:
The issue has been fixed in version 2.0.53-dev.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
