CVE-2013-4566

mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mod_nss_project:mod_nss:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mod_nss_project:mod_nss:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mod_nss_project:mod_nss:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mod_nss_project:mod_nss:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mod_nss_project:mod_nss:*:*:*:*:*:*:*:*
cpe:2.3:a:mod_nss_project:mod_nss:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mod_nss_project:mod_nss:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mod_nss_project:mod_nss:1.0.6:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Information

Published : 2013-12-12 10:55

Updated : 2019-04-22 10:48


NVD link : CVE-2013-4566

Mitre link : CVE-2013-4566


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

mod_nss_project

  • mod_nss

redhat

  • enterprise_linux