CVE-2013-4566 — NSS Project MOD NSS vulnerability

CWE-2646 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.1%

top 68.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MOD NSS Project MOD NSS Redhat Enterprise Linux

Timeline

PublishedDec 12

Latest updateMay 14

Description

mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages1 packages

▶NVDmod_nss_project/mod_nss1.0.8+7

Also affects: Enterprise Linux 5, 6.0

🔴Vulnerability Details

GHSA

GHSA-c4hv-94wj-93p7: mod_nss 1↗2022-05-14

▶

OSV

CVE-2013-4566: mod_nss 1↗2013-12-12

▶

📋Vendor Advisories

Red Hat

mod_nss: incorrect handling of NSSVerifyClient in directory context↗2013-12-03

▶

💬Community

Bugzilla

CVE-2013-4566 mod_nss: incorrect handling of NSSVerifyClient in directory context [fedora-all]↗2013-12-03

▶

Bugzilla

CVE-2013-4566 mod_nss: incorrect handling of NSSVerifyClient in directory context↗2013-10-08

▶