Lucene search

Gentoo FoundationMGASA-2013-0381

HistoryDec 20, 2013 - 9:27 p.m.

Updated apache-mod_nss package fixes CVE-2013-4566

2013-12-2021:27:18

Gentoo Foundation

advisories.mageia.org

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

80.1%

JSON

Updated apache-mod_nss package fixes security vulnerability: A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate was provided (CVE-2013-4566).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchapache-mod_nss< 1.0.8-16.4apache-mod_nss-1.0.8-16.4.mga3

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	apache-mod_nss	< 1.0.8-16.4	apache-mod_nss-1.0.8-16.4.mga3

References

bugs.mageia.org/show_bug.cgi?id=11872

rhn.redhat.com/errata/RHSA-2013-1779.html

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for MGASA-2013-0381