CVE-2013-4566

Published Dec 12, 2013

Last updated 6 years ago

Overview

Description: mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 4.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mod_nss_project:mod_nss:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D938A66B-3BE0-46EA-BD41-91A21651E298",
            "versionEndIncluding": "1.0.8"
          },
          {
            "criteria": "cpe:2.3:a:mod_nss_project:mod_nss:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85B16378-B282-44E2-8716-C76634FAC7D1"
          },
          {
            "criteria": "cpe:2.3:a:mod_nss_project:mod_nss:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53FC2306-99BB-4F92-AA60-27DFC777947E"
          },
          {
            "criteria": "cpe:2.3:a:mod_nss_project:mod_nss:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "574AAC71-ADB7-4CFB-8278-BF305AEF67D3"
          },
          {
            "criteria": "cpe:2.3:a:mod_nss_project:mod_nss:1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20747B2B-A9FD-45A6-9E83-7FF4B3619E9C"
          },
          {
            "criteria": "cpe:2.3:a:mod_nss_project:mod_nss:1.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "451CA213-63CF-4EC7-866D-6219CF8CB218"
          },
          {
            "criteria": "cpe:2.3:a:mod_nss_project:mod_nss:1.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94CE91B7-D935-4D51-9207-D47CE1C62ACB"
          },
          {
            "criteria": "cpe:2.3:a:mod_nss_project:mod_nss:1.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E58BD70-C4E3-4899-AE0F-71ECC23E6C67"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References