Authorization Bypass

2019-01-1508:52:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

JSON

mod_nss is vulnerable to authorization bypass attacks. The vulnerability exists in mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.

CPENameOperatorVersion
mod_nsseq1.0.8__3.el5
mod_nsseq1.0.8__7.el5
mod_nsseq1.0.8__8.el6
mod_nsseq1.0.8__2.el5idm
mod_nsseq1.0.3__4.el5
mod_nsseq1.0.3__6.el5
mod_nsseq1.0.8__4.el5_6.1
mod_nsseq1.0.8__4.el5_8.2
mod_nsseq1.0.8__1.el5idm
mod_nsseq1.0.8__18.el6

Name	Operator	Version
mod_nss	eq	1.0.8__3.el5
mod_nss	eq	1.0.8__7.el5
mod_nss	eq	1.0.8__8.el6
mod_nss	eq	1.0.8__2.el5idm
mod_nss	eq	1.0.3__4.el5
mod_nss	eq	1.0.3__6.el5
mod_nss	eq	1.0.8__4.el5_6.1
mod_nss	eq	1.0.8__4.el5_8.2
mod_nss	eq	1.0.8__1.el5idm
mod_nss	eq	1.0.8__18.el6