Decription: A vulnerability was reported in Apache HTTPD. A remote user can bypass client certificate authentication.
The web server's experimental module for HTTP/2 (mod_http2) does not properly validate an X.509 client. A remote user can bypass client certificate authentication to access web resources on the target system.
Affected versions: Apache v.2.4.18 through 2.4.20 using the mod_http2 module and with the h2 and h2c protocols activated in the configuration are affected.
Recommended action: Apply the vendor has issued a fix (2.4.23).