Linux Distros Unpatched Vulnerability : CVE-2011-4973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authentication bypass vulnerability in modnss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering...

UBUNTU-CVE-2011-4973

Authentication bypass vulnerability in modnss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password...

SUSE-SU-2016:2285-1 Security update for apache2-mod_nss

This update provides apache2-modnss 1.0.14, which brings several fixes and enhancements: - Fix OpenSSL ciphers stopped parsing at +. CVE-2016-3099 - Created valgrind suppression files to ease debugging. - Implement SSLPPTYPEFILTER to call executables to get the key password pins. - Improvements t...

MGASA-2016-0197 Updated apache-mod_nss packages fix CVE-2016-3099

Updated apache-modnss package fixes security vulnerability: Attempting to exclude ciphers from the list of accepted ciphers to use may not work as expected CVE-2016-3099...

SUSE-RU-2015:0591-1 Recommended update for apache2-mod_nss

This update brings several improvements to apache2-modnss. More TLS 1.2 ciphers have been added, including AES-GCM and Camelia ciphers. These can be selected by their tags: o rsaaes128sha256 o rsaaes128gcmsha o rsaaes256sha256 o rsacamellia128sha o rsacamellia256sha o ecdhecdsaaes128gcmsha o...

MGASA-2013-0381 Updated apache-mod_nss package fixes CVE-2013-4566

Updated apache-modnss package fixes security vulnerability: A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss...

UBUNTU-CVE-2013-4566

modnss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions...

mod_nss: incorrect handling of NSSVerifyClient in directory context

modnss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions...