16 matches found
MiracleLinux 4 : mod_nss-1.0.8-19.AXS4 (AXSA:2014-001:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-001:01 advisory. The modnss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer SSL and Transport Layer Security TLS protocols using the...
EUVD-2013-4424
Malware in sbrugna...
Mageia: Security Advisory (MGASA-2013-0381)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Authorization Bypass
modnss is vulnerable to authorization bypass attacks. The vulnerability exists in modnss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended...
Amazon Linux AMI : mod_nss (ALAS-2013-253)
A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss failed to enforce this requirement and allowed a client to acce...
Updated apache-mod_nss package fixes CVE-2013-4566
Updated apache-modnss package fixes security vulnerability: A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss...
Fedora 20 : mod_nss-1.0.8-28.fc20 (2013-22730)
A flaw was found in the way NSSVerifyClient was handled when used in both server / vhost context as well as directory context specified either via or directive. If 'NSSVerifyClient none' was set in the server / vhost context i.e. when server is configured to not request or require client...
Fedora 18 : mod_nss-1.0.8-27.fc18 (2013-22786)
A flaw was found in the way NSSVerifyClient was handled when used in both server / vhost context as well as directory context specified either via or directive. If 'NSSVerifyClient none' was set in the server / vhost context i.e. when server is configured to not request or require client...
Design/Logic Flaw
modnss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions...
CVE-2013-4566
modnss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions...
Scientific Linux Security Update : mod_nss on SL5.x, SL6.x i386/x86_64 (20131203)
A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss failed to enforce this requirement and allowed a client to acce...
Amazon Linux AMI : mod24_nss (ALAS-2013-254)
A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss failed to enforce this requirement and allowed a client to acce...
CentOS Update for mod_nss CESA-2013:1779 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: mod24_nss
Issue Overview: A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss failed to enforce this requirement and allowed ...
mod_nss security update
1.0.8-19 - Resolves: CVE-2013-4566 - Bugzilla Bug 1030265 - modnss: incorrect handling of NSSVerifyClient in directory context rhel-6.5.z...
Medium: mod_nss
Issue Overview: A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss failed to enforce this requirement and allowed ...