ID OPENVAS:867162 Type openvas Reporter Copyright (C) 2013 Greenbone Networks GmbH Modified 2018-01-26T00:00:00
Description
Checks the installed version of the mod_nss package (Fedora advisory FEDORA-2013-22787).
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for mod_nss FEDORA-2013-22787
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
if(description)
{
  # Registration branch: only runs when `description` is set, declares the
  # plugin metadata and leaves via exit(0) before any host check is made.
  script_id(867162);
  script_version("$Revision: 8542 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $");
  script_tag(name:"creation_date", value:"2013-12-17 11:48:51 +0530 (Tue, 17 Dec 2013)");

  # CVE-2013-4566 (NVD wording): mod_nss 1.0.8 and earlier, when
  # NSSVerifyClient is set to none for the server/vhost context, does not
  # enforce the NSSVerifyClient setting in the directory context, so the
  # intended client-certificate restriction on that directory can be bypassed.
  script_cve_id("CVE-2013-4566");
  script_tag(name:"cvss_base", value:"4.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:P/I:P/A:N");
  script_name("Fedora Update for mod_nss FEDORA-2013-22787");

  # NOTE(review): the insight text below describes the module, not the flaw;
  # a report reader has to follow the CVE or advisory reference for the impact.
  script_tag(name:"affected", value:"mod_nss on Fedora 19");
  script_tag(name:"insight", value:"The mod_nss module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols using the Network Security Services (NSS)
security library.
");
  script_tag(name:"solution", value:"Please Install the Updated Packages.");

  # qod_type "package": the finding rests on the installed package version,
  # not on probing the running web server.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name:"FEDORA", value:"2013-22787");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123451.html");
  script_tag(name:"summary", value:"Check for the Version of mod_nss");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2013 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");

  # Presumably these keys are populated by gather-package-list.nasl after an
  # authenticated SSH login; without them the check is not applicable.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
  exit(0);
}
include("pkg-lib-rpm.inc");
# Host check: compare the installed mod_nss RPM with the fixed Fedora 19 build.
release = get_kb_item("ssh/login/release");
res = "";

# No release string in the knowledge base: nothing to compare against.
if(release == NULL){
  exit(0);
}

if(release == "FC19")
{
  # isrpmvuln() is provided by pkg-lib-rpm.inc; a non-NULL result is passed on
  # as the report text (presumably when the installed package is older than
  # mod_nss-1.0.8-27.fc19).
  res = isrpmvuln(pkg:"mod_nss", rpm:"mod_nss~1.0.8~27.fc19", rls:"FC19");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # Package was matched but not reported as vulnerable: exit(99).
  # Caveat: this only reflects the installed package version. The Red Hat
  # advisory for the same CVE states that httpd must be restarted for the
  # update to take effect, which a package check cannot confirm.
  if(__pkg_match) exit(99);
  exit(0);
}
{"id": "OPENVAS:867162", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for mod_nss FEDORA-2013-22787", "description": "Check for the Version of mod_nss", "published": "2013-12-17T00:00:00", "modified": "2018-01-26T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=867162", "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "references": ["2013-22787", "https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123451.html"], "cvelist": ["CVE-2013-4566"], "lastseen": "2018-01-26T11:09:31", "viewCount": 0, "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2018-01-26T11:09:31", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-4566"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310867128", "OPENVAS:867128", "OPENVAS:1361412562310881829", "OPENVAS:1361412562310120549", "OPENVAS:1361412562310867374", "OPENVAS:871089", "OPENVAS:1361412562310871089", "OPENVAS:1361412562310881827", "OPENVAS:867374", "OPENVAS:1361412562310867162"]}, {"type": "centos", "idList": ["CESA-2013:1779"]}, {"type": "amazon", "idList": ["ALAS-2013-254", "ALAS-2013-253"]}, {"type": "redhat", "idList": ["RHSA-2013:1779"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1779"]}, {"type": "fedora", "idList": ["FEDORA:CECFD22C9E", "FEDORA:6EA2F23303", "FEDORA:CB9FF22D23"]}, {"type": "nessus", "idList": ["SL_20131203_MOD_NSS_ON_SL5_X.NASL", "SUSE_11_APACHE2-MOD_NSS-131203.NASL", "FEDORA_2013-22786.NASL", "REDHAT-RHSA-2013-1779.NASL", "OPENSUSE-2013-1030.NASL", "ORACLELINUX_ELSA-2013-1779.NASL", "CENTOS_RHSA-2013-1779.NASL", "ALA_ALAS-2013-254.NASL", "FEDORA_2013-22787.NASL", "FEDORA_2013-22730.NASL"]}], "modified": "2018-01-26T11:09:31", "rev": 2}, "vulnersScore": 5.4}, "pluginID": "867162", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# Fedora Update for mod_nss FEDORA-2013-22787\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867162);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:48:51 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-4566\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for mod_nss FEDORA-2013-22787\");\n\n tag_insight = \"The mod_nss module provides strong cryptography for the Apache Web\nserver via the Secure Sockets Layer (SSL) and Transport Layer\nSecurity (TLS) protocols using the Network Security Services (NSS)\nsecurity library.\n\";\n\n tag_affected = \"mod_nss on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : 
\"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22787\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123451.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of mod_nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_nss\", rpm:\"mod_nss~1.0.8~27.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T06:06:56", "description": "mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.", "edition": 6, "cvss3": {}, "published": "2013-12-12T18:55:00", "title": "CVE-2013-4566", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4566"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/a:mod_nss_project:mod_nss:1.0.4", "cpe:/a:mod_nss_project:mod_nss:1.0", "cpe:/o:redhat:enterprise_linux:5", "cpe:/a:mod_nss_project:mod_nss:1.0.8", "cpe:/a:mod_nss_project:mod_nss:1.0.3", "cpe:/a:mod_nss_project:mod_nss:1.0.7", "cpe:/a:mod_nss_project:mod_nss:1.0.6", "cpe:/a:mod_nss_project:mod_nss:1.0.5", "cpe:/a:mod_nss_project:mod_nss:1.0.2", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "CVE-2013-4566", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4566", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mod_nss_project:mod_nss:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mod_nss_project:mod_nss:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mod_nss_project:mod_nss:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mod_nss_project:mod_nss:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mod_nss_project:mod_nss:1.0.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:mod_nss_project:mod_nss:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mod_nss_project:mod_nss:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mod_nss_project:mod_nss:1.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-23T13:09:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "description": "Check for the Version of mod_nss", "modified": "2018-01-23T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:867128", "href": "http://plugins.openvas.org/nasl.php?oid=867128", "type": "openvas", "title": "Fedora Update for mod_nss FEDORA-2013-22786", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_nss FEDORA-2013-22786\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867128);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:46:52 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-4566\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for mod_nss FEDORA-2013-22786\");\n\n tag_insight = \"The mod_nss module provides strong cryptography for the Apache Web\nserver via the Secure Sockets Layer (SSL) and Transport Layer\nSecurity (TLS) protocols using the Network Security Services (NSS)\nsecurity library.\n\";\n\n tag_affected = \"mod_nss on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22786\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123456.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of mod_nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_nss\", rpm:\"mod_nss~1.0.8~27.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310867128", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867128", "type": "openvas", "title": "Fedora Update for mod_nss FEDORA-2013-22786", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_nss FEDORA-2013-22786\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867128\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:46:52 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-4566\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for mod_nss FEDORA-2013-22786\");\n\n\n script_tag(name:\"affected\", value:\"mod_nss on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22786\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123456.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_nss'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"mod_nss\", rpm:\"mod_nss~1.0.8~27.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-12-04T00:00:00", "id": "OPENVAS:1361412562310871089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871089", "type": "openvas", "title": "RedHat Update for mod_nss RHSA-2013:1779-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mod_nss RHSA-2013:1779-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871089\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-04 10:07:26 +0530 (Wed, 04 Dec 2013)\");\n script_cve_id(\"CVE-2013-4566\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"RedHat Update for mod_nss RHSA-2013:1779-01\");\n\n\n script_tag(name:\"affected\", value:\"mod_nss on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The mod_nss module provides strong cryptography for the Apache HTTP Server\nvia the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)\nprotocols, using the Network Security Services (NSS) security library.\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient setting for\nthe per-directory context. When configured to not require a client\ncertificate for the initial connection and only require it for a specific\ndirectory, mod_nss failed to enforce this requirement and allowed a client\nto access the directory when no valid client certificate was provided.\n(CVE-2013-4566)\n\nRed Hat would like to thank Albert Smith of OUSD(AT& L) for reporting this\nissue.\n\nAll mod_nss users should upgrade to this updated package, which contains a\nbackported patch to correct this issue. 
The httpd service must be restarted\nfor this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2013:1779-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-December/msg00001.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_nss'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_nss\", rpm:\"mod_nss~1.0.8~19.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_nss-debuginfo\", rpm:\"mod_nss-debuginfo~1.0.8~19.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_nss\", rpm:\"mod_nss~1.0.8~8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_nss-debuginfo\", rpm:\"mod_nss-debuginfo~1.0.8~8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "scanner", "cvelist": 
["CVE-2013-4566"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-03T00:00:00", "id": "OPENVAS:1361412562310867374", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867374", "type": "openvas", "title": "Fedora Update for mod_nss FEDORA-2013-22730", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_nss FEDORA-2013-22730\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867374\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 20:27:10 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-4566\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for mod_nss FEDORA-2013-22730\");\n script_tag(name:\"affected\", value:\"mod_nss on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22730\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123645.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_nss'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"mod_nss\", rpm:\"mod_nss~1.0.8~28.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-12-04T00:00:00", "id": "OPENVAS:1361412562310881827", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881827", "type": "openvas", "title": "CentOS Update for mod_nss CESA-2013:1779 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mod_nss CESA-2013:1779 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881827\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-04 10:10:03 +0530 (Wed, 04 Dec 2013)\");\n script_cve_id(\"CVE-2013-4566\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"CentOS Update for mod_nss CESA-2013:1779 centos5\");\n\n script_tag(name:\"affected\", value:\"mod_nss on CentOS 5\");\n script_tag(name:\"insight\", value:\"The mod_nss module provides strong cryptography for the Apache HTTP Server\nvia the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)\nprotocols, using the Network Security Services (NSS) security library.\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient setting for\nthe per-directory context. When configured to not require a client\ncertificate for the initial connection and only require it for a specific\ndirectory, mod_nss failed to enforce this requirement and allowed a client\nto access the directory when no valid client certificate was provided.\n(CVE-2013-4566)\n\nRed Hat would like to thank Albert Smith of OUSD(AT& L) for reporting this\nissue.\n\nAll mod_nss users should upgrade to this updated package, which contains a\nbackported patch to correct this issue. 
The httpd service must be restarted\nfor this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2013:1779\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-December/020039.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_nss'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_nss\", rpm:\"mod_nss~1.0.8~8.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2018-01-19T15:09:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "description": "Check for the Version of mod_nss", "modified": "2018-01-19T00:00:00", "published": "2013-12-04T00:00:00", "id": "OPENVAS:881829", "href": "http://plugins.openvas.org/nasl.php?oid=881829", "type": "openvas", "title": "CentOS Update for mod_nss CESA-2013:1779 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mod_nss CESA-2013:1779 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881829);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-04 10:11:34 +0530 (Wed, 04 Dec 2013)\");\n script_cve_id(\"CVE-2013-4566\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"CentOS Update for mod_nss CESA-2013:1779 centos6 \");\n\n tag_insight = \"The mod_nss module provides strong cryptography for the Apache HTTP Server\nvia the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)\nprotocols, using the Network Security Services (NSS) security library.\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient setting for\nthe per-directory context. 
When configured to not require a client\ncertificate for the initial connection and only require it for a specific\ndirectory, mod_nss failed to enforce this requirement and allowed a client\nto access the directory when no valid client certificate was provided.\n(CVE-2013-4566)\n\nRed Hat would like to thank Albert Smith of OUSD(AT& L) for reporting this\nissue.\n\nAll mod_nss users should upgrade to this updated package, which contains a\nbackported patch to correct this issue. The httpd service must be restarted\nfor this update to take effect.\n\";\n\n tag_affected = \"mod_nss on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1779\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-December/020033.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of mod_nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_nss\", rpm:\"mod_nss~1.0.8~19.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": 
"2018-01-22T13:09:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "description": "Check for the Version of mod_nss", "modified": "2018-01-22T00:00:00", "published": "2013-12-04T00:00:00", "id": "OPENVAS:871089", "href": "http://plugins.openvas.org/nasl.php?oid=871089", "type": "openvas", "title": "RedHat Update for mod_nss RHSA-2013:1779-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mod_nss RHSA-2013:1779-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871089);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-04 10:07:26 +0530 (Wed, 04 Dec 2013)\");\n script_cve_id(\"CVE-2013-4566\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"RedHat Update for mod_nss RHSA-2013:1779-01\");\n\n tag_insight = \"The mod_nss module provides strong cryptography for the Apache HTTP Server\nvia the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)\nprotocols, using the Network Security Services (NSS) security library.\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient setting for\nthe per-directory context. When configured to not require a client\ncertificate for the initial connection and only require it for a specific\ndirectory, mod_nss failed to enforce this requirement and allowed a client\nto access the directory when no valid client certificate was provided.\n(CVE-2013-4566)\n\nRed Hat would like to thank Albert Smith of OUSD(AT& L) for reporting this\nissue.\n\nAll mod_nss users should upgrade to this updated package, which contains a\nbackported patch to correct this issue. The httpd service must be restarted\nfor this update to take effect.\n\";\n\n tag_affected = \"mod_nss on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1779-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-December/msg00001.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of mod_nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_nss\", rpm:\"mod_nss~1.0.8~19.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_nss-debuginfo\", rpm:\"mod_nss-debuginfo~1.0.8~19.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_nss\", rpm:\"mod_nss~1.0.8~8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_nss-debuginfo\", rpm:\"mod_nss-debuginfo~1.0.8~8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-03-17T23:01:40", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120546", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120546", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2013-253)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120546\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:29:19 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-253)\");\n script_tag(name:\"insight\", value:\"A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. 
When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate was provided. (CVE-2013-4566 )\");\n script_tag(name:\"solution\", value:\"Run yum update mod_nss to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-253.html\");\n script_cve_id(\"CVE-2013-4566\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"mod_nss\", rpm:\"mod_nss~1.0.8~19.12.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_nss-debuginfo\", rpm:\"mod_nss-debuginfo~1.0.8~19.12.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "description": "The remote host is missing an update for the 'mod_nss' package(s) announced via the referenced advisory.", "modified": 
"2019-03-15T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310867162", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867162", "type": "openvas", "title": "Fedora Update for mod_nss FEDORA-2013-22787", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_nss FEDORA-2013-22787\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867162\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:48:51 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-4566\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for mod_nss FEDORA-2013-22787\");\n\n\n script_tag(name:\"affected\", value:\"mod_nss on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22787\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123451.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_nss'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_nss\", rpm:\"mod_nss~1.0.8~27.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-25T10:51:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "description": "Check for the Version of mod_nss", "modified": "2017-07-10T00:00:00", "published": "2013-12-04T00:00:00", "id": "OPENVAS:881827", "href": "http://plugins.openvas.org/nasl.php?oid=881827", "type": "openvas", "title": "CentOS Update for mod_nss CESA-2013:1779 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mod_nss CESA-2013:1779 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General 
Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881827);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-04 10:10:03 +0530 (Wed, 04 Dec 2013)\");\n script_cve_id(\"CVE-2013-4566\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"CentOS Update for mod_nss CESA-2013:1779 centos5 \");\n\n tag_insight = \"The mod_nss module provides strong cryptography for the Apache HTTP Server\nvia the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)\nprotocols, using the Network Security Services (NSS) security library.\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient setting for\nthe per-directory context. 
When configured to not require a client\ncertificate for the initial connection and only require it for a specific\ndirectory, mod_nss failed to enforce this requirement and allowed a client\nto access the directory when no valid client certificate was provided.\n(CVE-2013-4566)\n\nRed Hat would like to thank Albert Smith of OUSD(AT& L) for reporting this\nissue.\n\nAll mod_nss users should upgrade to this updated package, which contains a\nbackported patch to correct this issue. The httpd service must be restarted\nfor this update to take effect.\n\";\n\n tag_affected = \"mod_nss on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1779\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-December/020039.html\");\n script_summary(\"Check for the Version of mod_nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_nss\", rpm:\"mod_nss~1.0.8~8.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2019-12-20T18:26:15", 
"bulletinFamily": "unix", "cvelist": ["CVE-2013-4566"], "description": "**CentOS Errata and Security Advisory** CESA-2013:1779\n\n\nThe mod_nss module provides strong cryptography for the Apache HTTP Server\nvia the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)\nprotocols, using the Network Security Services (NSS) security library.\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient setting for\nthe per-directory context. When configured to not require a client\ncertificate for the initial connection and only require it for a specific\ndirectory, mod_nss failed to enforce this requirement and allowed a client\nto access the directory when no valid client certificate was provided.\n(CVE-2013-4566)\n\nRed Hat would like to thank Albert Smith of OUSD(AT&L) for reporting this\nissue.\n\nAll mod_nss users should upgrade to this updated package, which contains a\nbackported patch to correct this issue. The httpd service must be restarted\nfor this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-December/032071.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-December/032077.html\n\n**Affected packages:**\nmod_nss\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1779.html", "edition": 3, "modified": "2013-12-03T23:06:38", "published": "2013-12-03T22:51:46", "href": "http://lists.centos.org/pipermail/centos-announce/2013-December/032071.html", "id": "CESA-2013:1779", "title": "mod_nss security update", "type": "centos", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:36:34", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4566"], "description": "**Issue Overview:**\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. 
When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate was provided. ([CVE-2013-4566](<https://access.redhat.com/security/cve/CVE-2013-4566>))\n\n \n**Affected Packages:** \n\n\nmod24_nss\n\n \n**Issue Correction:** \nRun _yum update mod24_nss_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n mod24_nss-debuginfo-1.0.8-24.17.amzn1.i686 \n mod24_nss-1.0.8-24.17.amzn1.i686 \n \n src: \n mod24_nss-1.0.8-24.17.amzn1.src \n \n x86_64: \n mod24_nss-1.0.8-24.17.amzn1.x86_64 \n mod24_nss-debuginfo-1.0.8-24.17.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-12-03T13:00:00", "published": "2013-12-03T13:00:00", "id": "ALAS-2013-254", "href": "https://alas.aws.amazon.com/ALAS-2013-254.html", "title": "Medium: mod24_nss", "type": "amazon", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-11-10T12:36:00", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4566"], "description": "**Issue Overview:**\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate was provided. 
([CVE-2013-4566](<https://access.redhat.com/security/cve/CVE-2013-4566>))\n\n \n**Affected Packages:** \n\n\nmod_nss\n\n \n**Issue Correction:** \nRun _yum update mod_nss_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n mod_nss-1.0.8-19.12.amzn1.i686 \n mod_nss-debuginfo-1.0.8-19.12.amzn1.i686 \n \n src: \n mod_nss-1.0.8-19.12.amzn1.src \n \n x86_64: \n mod_nss-1.0.8-19.12.amzn1.x86_64 \n mod_nss-debuginfo-1.0.8-19.12.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-12-03T13:00:00", "published": "2013-12-03T13:00:00", "id": "ALAS-2013-253", "href": "https://alas.aws.amazon.com/ALAS-2013-253.html", "title": "Medium: mod_nss", "type": "amazon", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:47:10", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4566"], "description": "The mod_nss module provides strong cryptography for the Apache HTTP Server\nvia the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)\nprotocols, using the Network Security Services (NSS) security library.\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient setting for\nthe per-directory context. When configured to not require a client\ncertificate for the initial connection and only require it for a specific\ndirectory, mod_nss failed to enforce this requirement and allowed a client\nto access the directory when no valid client certificate was provided.\n(CVE-2013-4566)\n\nRed Hat would like to thank Albert Smith of OUSD(AT&L) for reporting this\nissue.\n\nAll mod_nss users should upgrade to this updated package, which contains a\nbackported patch to correct this issue. 
The httpd service must be restarted\nfor this update to take effect.\n", "modified": "2018-06-06T20:24:08", "published": "2013-12-03T05:00:00", "id": "RHSA-2013:1779", "href": "https://access.redhat.com/errata/RHSA-2013:1779", "type": "redhat", "title": "(RHSA-2013:1779) Moderate: mod_nss security update", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:25", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4566"], "description": "[1.0.8-19]\n- Resolves: CVE-2013-4566\n- Bugzilla Bug #1030265 - mod_nss: incorrect handling of NSSVerifyClient in\n directory context [rhel-6.5.z]", "edition": 4, "modified": "2013-12-03T00:00:00", "published": "2013-12-03T00:00:00", "id": "ELSA-2013-1779", "href": "http://linux.oracle.com/errata/ELSA-2013-1779.html", "title": "mod_nss security update", "type": "oraclelinux", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-12T10:11:31", "description": "A flaw was found in the way NSSVerifyClient was handled when used in\nboth server / vhost context as well as directory context (specified\neither via <Directory> or <Location> directive). If 'NSSVerifyClient\nnone' was set in the server / vhost context (i.e. when server is\nconfigured to not request or require client certificate authentication\non the initial connection), and client certificate authentication was\nexpected to be required for a specific directory via 'NSSVerifyClient\nrequire' setting, mod_nss failed to properly require expected\ncertificate authentication. Remote attacker able to connect to the web\nserver using such mod_nss configuration and without a valid client\ncertificate could possibly use this flaw to access content of the\nrestricted directories.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-12-13T00:00:00", "title": "Fedora 19 : mod_nss-1.0.8-27.fc19 (2013-22787)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "modified": "2013-12-13T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:mod_nss"], "id": "FEDORA_2013-22787.NASL", "href": "https://www.tenable.com/plugins/nessus/71384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22787.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71384);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4566\");\n script_bugtraq_id(64114);\n script_xref(name:\"FEDORA\", value:\"2013-22787\");\n\n script_name(english:\"Fedora 19 : mod_nss-1.0.8-27.fc19 (2013-22787)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way NSSVerifyClient was handled when used in\nboth server / vhost context as well as directory context (specified\neither via <Directory> or <Location> directive). If 'NSSVerifyClient\nnone' was set in the server / vhost context (i.e. when server is\nconfigured to not request or require client certificate authentication\non the initial connection), and client certificate authentication was\nexpected to be required for a specific directory via 'NSSVerifyClient\nrequire' setting, mod_nss failed to properly require expected\ncertificate authentication. 
Remote attacker able to connect to the web\nserver using such mod_nss configuration and without a valid client\ncertificate could possibly use this flaw to access content of the\nrestricted directories.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1016832\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123451.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?717cf2d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_nss package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mod_nss-1.0.8-27.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_nss\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-17T13:13:49", "description": "An updated mod_nss package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe mod_nss module provides strong cryptography for the Apache HTTP\nServer via the Secure Sockets Layer (SSL) and Transport Layer Security\n(TLS) protocols, using the Network Security Services (NSS) security\nlibrary.\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient\nsetting for the per-directory context. When configured to not require\na client certificate for the initial connection and only require it\nfor a specific directory, mod_nss failed to enforce this requirement\nand allowed a client to access the directory when no valid client\ncertificate was provided. (CVE-2013-4566)\n\nRed Hat would like to thank Albert Smith of OUSD(AT&L) for reporting\nthis issue.\n\nAll mod_nss users should upgrade to this updated package, which\ncontains a backported patch to correct this issue. The httpd service\nmust be restarted for this update to take effect.", "edition": 24, "published": "2013-12-04T00:00:00", "title": "RHEL 5 / 6 : mod_nss (RHSA-2013:1779)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "modified": "2013-12-04T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6.5", "p-cpe:/a:redhat:enterprise_linux:mod_nss", "p-cpe:/a:redhat:enterprise_linux:mod_nss-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-1779.NASL", "href": "https://www.tenable.com/plugins/nessus/71190", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1779. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71190);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4566\");\n script_xref(name:\"RHSA\", value:\"2013:1779\");\n\n script_name(english:\"RHEL 5 / 6 : mod_nss (RHSA-2013:1779)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated mod_nss package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe mod_nss module provides strong cryptography for the Apache HTTP\nServer via the Secure Sockets Layer (SSL) and Transport Layer Security\n(TLS) protocols, using the Network Security Services (NSS) security\nlibrary.\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient\nsetting for the per-directory context. When configured to not require\na client certificate for the initial connection and only require it\nfor a specific directory, mod_nss failed to enforce this requirement\nand allowed a client to access the directory when no valid client\ncertificate was provided. (CVE-2013-4566)\n\nRed Hat would like to thank Albert Smith of OUSD(AT&L) for reporting\nthis issue.\n\nAll mod_nss users should upgrade to this updated package, which\ncontains a backported patch to correct this issue. 
The httpd service\nmust be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4566\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_nss and / or mod_nss-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1779\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_nss-1.0.8-8.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mod_nss-1.0.8-8.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_nss-1.0.8-8.el5_10\")) 
flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_nss-debuginfo-1.0.8-8.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mod_nss-debuginfo-1.0.8-8.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_nss-debuginfo-1.0.8-8.el5_10\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_nss-1.0.8-19.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mod_nss-1.0.8-19.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_nss-1.0.8-19.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_nss-debuginfo-1.0.8-19.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mod_nss-debuginfo-1.0.8-19.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_nss-debuginfo-1.0.8-19.el6_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_nss / mod_nss-debuginfo\");\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-12T10:11:30", "description": "A flaw was found in the way NSSVerifyClient was handled when used in\nboth server / vhost context as well as directory context (specified\neither via <Directory> or <Location> directive). If 'NSSVerifyClient\nnone' was set in the server / vhost context (i.e. 
when server is\nconfigured to not request or require client certificate authentication\non the initial connection), and client certificate authentication was\nexpected to be required for a specific directory via 'NSSVerifyClient\nrequire' setting, mod_nss failed to properly require expected\ncertificate authentication. Remote attacker able to connect to the web\nserver using such mod_nss configuration and without a valid client\ncertificate could possibly use this flaw to access content of the\nrestricted directories.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-12-14T00:00:00", "title": "Fedora 20 : mod_nss-1.0.8-28.fc20 (2013-22730)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "modified": "2013-12-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mod_nss", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-22730.NASL", "href": "https://www.tenable.com/plugins/nessus/71420", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22730.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71420);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4566\");\n script_bugtraq_id(64114);\n script_xref(name:\"FEDORA\", value:\"2013-22730\");\n\n script_name(english:\"Fedora 20 : mod_nss-1.0.8-28.fc20 (2013-22730)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way NSSVerifyClient was handled when used in\nboth server / vhost context as well as directory context (specified\neither via <Directory> or <Location> directive). If 'NSSVerifyClient\nnone' was set in the server / vhost context (i.e. when server is\nconfigured to not request or require client certificate authentication\non the initial connection), and client certificate authentication was\nexpected to be required for a specific directory via 'NSSVerifyClient\nrequire' setting, mod_nss failed to properly require expected\ncertificate authentication. Remote attacker able to connect to the web\nserver using such mod_nss configuration and without a valid client\ncertificate could possibly use this flaw to access content of the\nrestricted directories.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1016832\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123645.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48272b5a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_nss package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_nss\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mod_nss-1.0.8-28.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_nss\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-20T14:37:29", "description": "This update fixes the following security issues with apache2-mod_nss :\n\n - client certificate verification problematic\n (CVE-2013-4566). (bnc#853039)", "edition": 17, "published": "2013-12-23T00:00:00", "title": "SuSE 11.2 / 11.3 Security Update : apache2-mod_nss (SAT Patch Numbers 8610 / 8611)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "modified": "2013-12-23T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:apache2-mod_nss"], "id": "SUSE_11_APACHE2-MOD_NSS-131203.NASL", "href": "https://www.tenable.com/plugins/nessus/71614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71614);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4566\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : apache2-mod_nss (SAT Patch Numbers 8610 / 8611)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues with apache2-mod_nss :\n\n - client certificate verification problematic\n (CVE-2013-4566). (bnc#853039)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4566.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8610 / 8611 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-mod_nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"apache2-mod_nss-1.0.8-0.4.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-mod_nss-1.0.8-0.4.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-17T13:48:01", "description": "A flaw was found in the way mod_nss handled the NSSVerifyClient\nsetting for the per-directory context. When configured to not require\na client certificate for the initial connection and only require it\nfor a specific directory, mod_nss failed to enforce this requirement\nand allowed a client to access the directory when no valid client\ncertificate was provided. 
(CVE-2013-4566)\n\nThe httpd service must be restarted for this update to take effect.", "edition": 14, "published": "2013-12-10T00:00:00", "title": "Scientific Linux Security Update : mod_nss on SL5.x, SL6.x i386/x86_64 (20131203)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "modified": "2013-12-10T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:mod_nss", "p-cpe:/a:fermilab:scientific_linux:mod_nss-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20131203_MOD_NSS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/71304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71304);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4566\");\n\n script_name(english:\"Scientific Linux Security Update : mod_nss on SL5.x, SL6.x i386/x86_64 (20131203)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way mod_nss handled the NSSVerifyClient\nsetting for the per-directory context. When configured to not require\na client certificate for the initial connection and only require it\nfor a specific directory, mod_nss failed to enforce this requirement\nand allowed a client to access the directory when no valid client\ncertificate was provided. 
(CVE-2013-4566)\n\nThe httpd service must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1312&L=scientific-linux-errata&T=0&P=2055\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2e8ff767\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_nss and / or mod_nss-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"mod_nss-1.0.8-8.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mod_nss-debuginfo-1.0.8-8.el5_10\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"mod_nss-1.0.8-19.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"mod_nss-debuginfo-1.0.8-19.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_nss / mod_nss-debuginfo\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": 
"2021-01-20T12:26:08", "description": " - mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes\n CVE-2013-4566: If 'NSSVerifyClient none' is set in the\n server / vhost context (i.e. when server is configured\n to not request or require client certificate\n authentication on the initial connection), and client\n certificate authentication is expected to be required\n for a specific directory via 'NSSVerifyClient require'\n setting, mod_nss fails to properly require certificate\n authentication. Remote attacker can use this to access\n content of the restricted directories. [bnc#853039]\n\n - glue documentation added to\n /etc/apache2/conf.d/mod_nss.conf :\n\n - simultaneous usage of mod_ssl and mod_nss\n\n - SNI concurrency\n\n - SUSE framework for apache configuration, Listen\n directive\n\n - module initialization\n\n - mod_nss-conf.patch obsoleted by scratch-version of\n nss.conf.in or mod_nss.conf, respectively. This also\n leads to the removal of nss.conf.in specific chunks in\n mod_nss-negotiate.patch and mod_nss-tlsv1_1.patch .\n\n - mod_nss_migrate.pl conversion script added; not patched\n from source, but partially rewritten.\n\n - README-SUSE.txt added with step-by-step instructions on\n how to convert and manage certificates and keys, as well\n as a rationale about why mod_nss was included in SLES.\n\n - package ready for submission [bnc#847216]\n\n - generic cleanup of the package :\n\n - explicit Requires: to mozilla-nss >= 3.15.1, as TLS-1.2\n support came with this version - this is the objective\n behind this version update of apache2-mod_nss. 
Tracker\n bug [bnc#847216]\n\n - change path /etc/apache2/alias to /etc/apache2/mod_nss.d\n to avoid ambiguously interpreted name of directory.\n\n - merge content of /etc/apache2/alias to\n /etc/apache2/mod_nss.d if /etc/apache2/alias exists.\n\n - set explicit filemodes 640 for %post generated *.db\n files in /etc/apache2/mod_nss.d", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : apache2-mod_nss (openSUSE-SU-2013:1956-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_nss-debugsource", "p-cpe:/a:novell:opensuse:apache2-mod_nss-debuginfo", "p-cpe:/a:novell:opensuse:apache2-mod_nss", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2013-1030.NASL", "href": "https://www.tenable.com/plugins/nessus/74874", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-1030.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74874);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4566\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_nss (openSUSE-SU-2013:1956-1)\");\n script_summary(english:\"Check for the openSUSE-2013-1030 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - mod_nss-CVE-2013-4566-NSSVerifyClient.diff fixes\n CVE-2013-4566: If 'NSSVerifyClient none' is set in the\n server / vhost context (i.e. 
when server is configured\n to not request or require client certificate\n authentication on the initial connection), and client\n certificate authentication is expected to be required\n for a specific directory via 'NSSVerifyClient require'\n setting, mod_nss fails to properly require certificate\n authentication. Remote attacker can use this to access\n content of the restricted directories. [bnc#853039]\n\n - glue documentation added to\n /etc/apache2/conf.d/mod_nss.conf :\n\n - simultaneaous usage of mod_ssl and mod_nss\n\n - SNI concurrency\n\n - SUSE framework for apache configuration, Listen\n directive\n\n - module initialization\n\n - mod_nss-conf.patch obsoleted by scratch-version of\n nss.conf.in or mod_nss.conf, respectively. This also\n leads to the removal of nss.conf.in specific chunks in\n mod_nss-negotiate.patch and mod_nss-tlsv1_1.patch .\n\n - mod_nss_migrate.pl conversion script added; not patched\n from source, but partially rewritten.\n\n - README-SUSE.txt added with step-by-step instructions on\n how to convert and manage certificates and keys, as well\n as a rationale about why mod_nss was included in SLES.\n\n - package ready for submission [bnc#847216]\n\n - generic cleanup of the package :\n\n - explicit Requires: to mozilla-nss >= 3.15.1, as TLS-1.2\n support came with this version - this is the objective\n behind this version update of apache2-mod_nss. 
Tracker\n bug [bnc#847216]\n\n - change path /etc/apache2/alias to /etc/apache2/mod_nss.d\n to avoid ambiguously interpreted name of directory.\n\n - merge content of /etc/apache2/alias to\n /etc/apache2/mod_nss.d if /etc/apache2/alias exists.\n\n - set explicit filemodes 640 for %post generated *.db\n files in /etc/apache2/mod_nss.d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=847216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00118.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_nss packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_nss-1.0.8-0.4.6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_nss-debuginfo-1.0.8-0.4.6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_nss-debugsource-1.0.8-0.4.6.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_nss / apache2-mod_nss-debuginfo / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-02-01T01:20:33", "description": "A flaw was found in the way mod_nss handled the NSSVerifyClient\nsetting for the per-directory context. 
When configured to not require\na client certificate for the initial connection and only require it\nfor a specific directory, mod_nss failed to enforce this requirement\nand allowed a client to access the directory when no valid client\ncertificate was provided. (CVE-2013-4566)", "edition": 24, "published": "2014-02-04T00:00:00", "title": "Amazon Linux AMI : mod_nss (ALAS-2013-253)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mod_nss", "p-cpe:/a:amazon:linux:mod_nss-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2013-253.NASL", "href": "https://www.tenable.com/plugins/nessus/72266", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-253.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72266);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-4566\");\n script_xref(name:\"ALAS\", value:\"2013-253\");\n script_xref(name:\"RHSA\", value:\"2013:1779\");\n\n script_name(english:\"Amazon Linux AMI : mod_nss (ALAS-2013-253)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way mod_nss handled the NSSVerifyClient\nsetting for the per-directory context. When configured to not require\na client certificate for the initial connection and only require it\nfor a specific directory, mod_nss failed to enforce this requirement\nand allowed a client to access the directory when no valid client\ncertificate was provided. 
(CVE-2013-4566)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-253.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mod_nss' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", 
reference:\"mod_nss-1.0.8-19.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_nss-debuginfo-1.0.8-19.12.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_nss / mod_nss-debuginfo\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-02-01T01:20:33", "description": "A flaw was found in the way mod_nss handled the NSSVerifyClient\nsetting for the per-directory context. When configured to not require\na client certificate for the initial connection and only require it\nfor a specific directory, mod_nss failed to enforce this requirement\nand allowed a client to access the directory when no valid client\ncertificate was provided. (CVE-2013-4566)", "edition": 24, "published": "2013-12-10T00:00:00", "title": "Amazon Linux AMI : mod24_nss (ALAS-2013-254)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mod24_nss-debuginfo", "p-cpe:/a:amazon:linux:mod24_nss", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2013-254.NASL", "href": "https://www.tenable.com/plugins/nessus/71270", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-254.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71270);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-4566\");\n script_xref(name:\"ALAS\", value:\"2013-254\");\n script_xref(name:\"RHSA\", value:\"2013:1779\");\n\n script_name(english:\"Amazon Linux AMI : mod24_nss (ALAS-2013-254)\");\n script_summary(english:\"Checks rpm output for the updated 
packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way mod_nss handled the NSSVerifyClient\nsetting for the per-directory context. When configured to not require\na client certificate for the initial connection and only require it\nfor a specific directory, mod_nss failed to enforce this requirement\nand allowed a client to access the directory when no valid client\ncertificate was provided. (CVE-2013-4566)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-254.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mod24_nss' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mod24_nss-1.0.8-24.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_nss-debuginfo-1.0.8-24.17.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod24_nss / mod24_nss-debuginfo\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-17T12:48:24", "description": "From Red Hat Security Advisory 2013:1779 :\n\nAn updated mod_nss package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe mod_nss module provides strong cryptography for the Apache HTTP\nServer via the Secure Sockets Layer (SSL) and Transport Layer Security\n(TLS) protocols, using the Network Security Services (NSS) security\nlibrary.\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient\nsetting for the per-directory context. 
When configured to not require\na client certificate for the initial connection and only require it\nfor a specific directory, mod_nss failed to enforce this requirement\nand allowed a client to access the directory when no valid client\ncertificate was provided. (CVE-2013-4566)\n\nRed Hat would like to thank Albert Smith of OUSD(AT&L) for reporting\nthis issue.\n\nAll mod_nss users should upgrade to this updated package, which\ncontains a backported patch to correct this issue. The httpd service\nmust be restarted for this update to take effect.", "edition": 21, "published": "2013-12-04T00:00:00", "title": "Oracle Linux 5 / 6 : mod_nss (ELSA-2013-1779)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "modified": "2013-12-04T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:mod_nss", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2013-1779.NASL", "href": "https://www.tenable.com/plugins/nessus/71187", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1779 and \n# Oracle Linux Security Advisory ELSA-2013-1779 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71187);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4566\");\n script_bugtraq_id(64114);\n script_xref(name:\"RHSA\", value:\"2013:1779\");\n\n script_name(english:\"Oracle Linux 5 / 6 : mod_nss (ELSA-2013-1779)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1779 :\n\nAn updated mod_nss package 
that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe mod_nss module provides strong cryptography for the Apache HTTP\nServer via the Secure Sockets Layer (SSL) and Transport Layer Security\n(TLS) protocols, using the Network Security Services (NSS) security\nlibrary.\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient\nsetting for the per-directory context. When configured to not require\na client certificate for the initial connection and only require it\nfor a specific directory, mod_nss failed to enforce this requirement\nand allowed a client to access the directory when no valid client\ncertificate was provided. (CVE-2013-4566)\n\nRed Hat would like to thank Albert Smith of OUSD(AT&L) for reporting\nthis issue.\n\nAll mod_nss users should upgrade to this updated package, which\ncontains a backported patch to correct this issue. 
The httpd service\nmust be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-December/003849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-December/003851.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_nss package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"mod_nss-1.0.8-8.el5_10\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"mod_nss-1.0.8-19.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_nss\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-12T10:11:31", "description": "A flaw was found in the way 
NSSVerifyClient was handled when used in\nboth server / vhost context as well as directory context (specified\neither via <Directory> or <Location> directive). If 'NSSVerifyClient\nnone' was set in the server / vhost context (i.e. when the server is\nconfigured to not request or require client certificate authentication\non the initial connection), and client certificate authentication was\nexpected to be required for a specific directory via 'NSSVerifyClient\nrequire' setting, mod_nss failed to properly require expected\ncertificate authentication. A remote attacker able to connect to the web\nserver using such mod_nss configuration and without a valid client\ncertificate could possibly use this flaw to access content of the\nrestricted directories.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-12-13T00:00:00", "title": "Fedora 18 : mod_nss-1.0.8-27.fc18 (2013-22786)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4566"], "modified": "2013-12-13T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:mod_nss"], "id": "FEDORA_2013-22786.NASL", "href": "https://www.tenable.com/plugins/nessus/71383", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22786.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71383);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4566\");\n script_bugtraq_id(64114);\n script_xref(name:\"FEDORA\", value:\"2013-22786\");\n\n script_name(english:\"Fedora 18 : 
mod_nss-1.0.8-27.fc18 (2013-22786)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way NSSVerifyClient was handled when used in\nboth server / vhost context as well as directory context (specified\neither via <Directory> or <Location> directive). If 'NSSVerifyClient\nnone' was set in the server / vhost context (i.e. when server is\nconfigured to not request or require client certificate authentication\non the initial connection), and client certificate authentication was\nexpected to be required for a specific directory via 'NSSVerifyClient\nrequire' setting, mod_nss failed to properly require expected\ncertificate authentication. Remote attacker able to connect to the web\nserver using such mod_nss configuration and without a valid client\ncertificate could possibly use this flaw to access content of the\nrestricted directories.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1016832\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123456.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cbb55f93\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_nss package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"mod_nss-1.0.8-27.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_nss\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4566"], "description": "The mod_nss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols using the Network Security Services (NSS) security library. ", "modified": "2013-12-13T05:05:02", "published": "2013-12-13T05:05:02", "id": "FEDORA:CECFD22C9E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: mod_nss-1.0.8-27.fc18", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4566"], "description": "The mod_nss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols using the Network Security Services (NSS) security library. 
", "modified": "2013-12-13T05:03:58", "published": "2013-12-13T05:03:58", "id": "FEDORA:CB9FF22D23", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mod_nss-1.0.8-27.fc19", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4566"], "description": "The mod_nss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols using the Network Security Services (NSS) security library. ", "modified": "2013-12-14T03:03:31", "published": "2013-12-14T03:03:31", "id": "FEDORA:6EA2F23303", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mod_nss-1.0.8-28.fc20", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}]}