MidnightBSD

Advisories for mod_nss_project

CVE-2013-4566 MEDIUM

mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
mod_nss_project mod_nss 1.0.5
mod_nss_project mod_nss 1.0.2
mod_nss_project mod_nss 1.0.7
redhat enterprise_linux 6.0
redhat enterprise_linux 5
mod_nss_project mod_nss 1.0.3
mod_nss_project mod_nss 1.0.6
mod_nss_project mod_nss 1.0.4
mod_nss_project mod_nss *
mod_nss_project mod_nss 1.0
CVE-2015-3277 MEDIUM

The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
mod_nss_project mod_nss *
CVE-2015-5244 HIGH

The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
mod_nss_project mod_nss *