PT-2013-5077 · Red Hat+2 · Mod Nss+3

Publicado

2013-12-03

Atualizado

2024-06-15

CVE-2013-4566

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions mod nss versions 1.0.8 and earlier

Description The issue allows remote attackers to bypass intended access restrictions when NSSVerifyClient is set to none for the server/vhost context, and the setting is not enforced in the directory context.

Recommendations For mod nss versions 1.0.8 and earlier, consider updating the configuration to enforce the NSSVerifyClient setting in the directory context to prevent bypassing of access restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CESA-2013_1779

CVE-2013-4566

MGASA-2013-0381

OPENSUSE-SU-2024:10311-1

RHSA-2013:1779

RHSA-2013_1779

SUSE-SU-2013_1926-1

SUSE-SU-2016:2285-1

SUSE-SU-2016:2329-1

SUSE-SU-2016:2396-1

SUSE-SU-2016_2285-1

SUSE-SU-2016_2329-1

SUSE-SU-2016_2396-1

Produtos afetados

Centos

Red Hat

Suse

Mod Nss

PT-2013-5077 · Red Hat+2 · Mod Nss+3

CVE-2013-4566

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 52