CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4973
https://notcve.org/view.php?id=CVE-2011-4973
Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password. Vulnerabilidad de omisión de autenticación de mod_nss 1.0.8 permite que atacantes remotos asuman la identidad de un usuario válido empleando su certificado e introduciendo "password" como contraseña. • https://bugzilla.redhat.com/show_bug.cgi?id=1017197 https://www.redhat.com/archives/mod_nss-list/2011-May/msg00001.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3277
https://notcve.org/view.php?id=CVE-2015-3277
The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring. El módulo mod_nss en versiones anteriores a la 1.0.11 en Fedora permite que atacantes remotos obtengan listas de cifrado mediante el parseo incorrecto de cadenas de cifrado con múltiples palabras clave. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170607.html https://bugzilla.redhat.com/show_bug.cgi?id=1238324 https://bugzilla.redhat.com/show_bug.cgi?id=1243518 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5244
https://notcve.org/view.php?id=CVE-2015-5244
The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. La opción NSSCipherSuite con ciphersuites habilitado en mod_nss en versiones anteriores a la 1.0.12 permite que atacantes remotos omitan las restricciones de aplicación. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175248.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176026.html https://bugzilla.redhat.com/show_bug.cgi?id=1259216 https://pagure.io/mod_nss/c/34e1ccecb4a7d5054dba2f92b403af9b6ae1e110 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 10EXPL: 0CVE-2013-4566 – mod_nss: incorrect handling of NSSVerifyClient in directory context
https://notcve.org/view.php?id=CVE-2013-4566
mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions. mod_nss 1.0.8 y anteriores versiones, cuando se establece NSSVerifyClient en none para el contexto del server/vhost, no aplica la opción de NSSVerifyClient en el contexto de directorio, lo que permite a atacantes remotos evadir restricciones de acceso intencionadas. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00118.html http://rhn.redhat.com/errata/RHSA-2013-1779.html https://bugzilla.redhat.com/show_bug.cgi?id=1016832 https://access.redhat.com/security/cve/CVE-2013-4566 • CWE-264: Permissions, Privileges, and Access Controls •