PT-2013-5077 · Red Hat+2 · Mod Nss+3

Published: 2013-12-03 · Updated: 2024-06-15 · CVE-2013-4566

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: mod_nss versions 1.0.8 and earlier

Description: When NSSVerifyClient is set to none for the server/vhost context, mod_nss does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.

Recommendations: For mod_nss versions 1.0.8 and earlier, consider updating the configuration to enforce the NSSVerifyClient setting in the directory context to prevent bypassing of access restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CESA-2013_1779
CVE-2013-4566
MGASA-2013-0381
OPENSUSE-SU-2024:10311-1
RHSA-2013:1779
RHSA-2013_1779
SUSE-SU-2013_1926-1
SUSE-SU-2016:2285-1
SUSE-SU-2016:2329-1
SUSE-SU-2016:2396-1
SUSE-SU-2016_2285-1
SUSE-SU-2016_2329-1
SUSE-SU-2016_2396-1

Affected Products

CentOS
Red Hat
SUSE
mod_nss