CVE-2013-4566

Published: 12/12/2013 Updated: 22/04/2019
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
VMScore: 356
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Vulnerability Summary

mod_nss 1.0.8 and previous versions, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote malicious users to bypass intended access restrictions.

Vulnerable Product

mod nss project mod nss 1.0.5

mod nss project mod nss 1.0.4

mod nss project mod nss 1.0.3

mod nss project mod nss 1.0.2

mod nss project mod nss

mod nss project mod nss 1.0

mod nss project mod nss 1.0.7

mod nss project mod nss 1.0.6

redhat enterprise linux 5

redhat enterprise linux 6.0

Vendor Advisories

Synopsis Moderate: mod_nss security update Type/Severity Security Advisory: Moderate Topic An updated mod_nss package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulner ...
Debian Bug report logs - #731627 libapache2-mod-nss: CVE-2013-4566: incorrect handling of NSSVerifyClient in directory context Package: libapache2-mod-nss; Maintainer for libapache2-mod-nss is Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>; Source for libapache2-mod-nss is src:libapache2-mod-nss (PTS, buildd, ...
Debian Bug report logs - #729626 libapache2-mod-nss: CVE-2011-4973: FakeBasicAuth authentication bypass Package: libapache2-mod-nss; Maintainer for libapache2-mod-nss is Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>; Source for libapache2-mod-nss is src:libapache2-mod-nss (PTS, buildd, popcon) Reporte ...
A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate w ...
mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions ...