An issue has been discovered in the mod_ssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any cipher suite allowed by the virtual host configuration. This issue was reported in Apache bugzilla. This is a fairly rare and uncommon configuration, so the security impact is low.
Fixed in 2.0.51-2.9 for FC2: http://www.redhat.com/archives/fedora-announce-list/2004-November/msg00046.html