3 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring. El módulo mod_nss en versiones anteriores a la 1.0.11 en Fedora permite que atacantes remotos obtengan listas de cifrado mediante el parseo incorrecto de cadenas de cifrado con múltiples palabras clave. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170607.html https://bugzilla.redhat.com/show_bug.cgi?id=1238324 https://bugzilla.redhat.com/show_bug.cgi?id=1243518 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. La opción NSSCipherSuite con ciphersuites habilitado en mod_nss en versiones anteriores a la 1.0.12 permite que atacantes remotos omitan las restricciones de aplicación. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175248.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176026.html https://bugzilla.redhat.com/show_bug.cgi?id=1259216 https://pagure.io/mod_nss/c/34e1ccecb4a7d5054dba2f92b403af9b6ae1e110 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 0%CPEs: 10EXPL: 0

mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions. mod_nss 1.0.8 y anteriores versiones, cuando se establece NSSVerifyClient en none para el contexto del server/vhost, no aplica la opción de NSSVerifyClient en el contexto de directorio, lo que permite a atacantes remotos evadir restricciones de acceso intencionadas. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00118.html http://rhn.redhat.com/errata/RHSA-2013-1779.html https://bugzilla.redhat.com/show_bug.cgi?id=1016832 https://access.redhat.com/security/cve/CVE-2013-4566 • CWE-264: Permissions, Privileges, and Access Controls •