mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mod_nss | Mod_nss_project | * | 1.0.8 (including) |
| Mod_nss | Mod_nss_project | 1.0 (including) | 1.0 (including) |
| Mod_nss | Mod_nss_project | 1.0.2 (including) | 1.0.2 (including) |
| Mod_nss | Mod_nss_project | 1.0.3 (including) | 1.0.3 (including) |
| Mod_nss | Mod_nss_project | 1.0.4 (including) | 1.0.4 (including) |
| Mod_nss | Mod_nss_project | 1.0.5 (including) | 1.0.5 (including) |
| Mod_nss | Mod_nss_project | 1.0.6 (including) | 1.0.6 (including) |
| Mod_nss | Mod_nss_project | 1.0.7 (including) | 1.0.7 (including) |
| Red Hat Enterprise Linux 5 | RedHat | mod_nss-0:1.0.8-8.el5_10 | * |
| Red Hat Enterprise Linux 6 | RedHat | mod_nss-0:1.0.8-19.el6_5 | * |
| Libapache2-mod-nss | Ubuntu | artful | * |
| Libapache2-mod-nss | Ubuntu | bionic | * |
| Libapache2-mod-nss | Ubuntu | cosmic | * |
| Libapache2-mod-nss | Ubuntu | esm-apps/bionic | * |
| Libapache2-mod-nss | Ubuntu | esm-apps/xenial | * |
| Libapache2-mod-nss | Ubuntu | precise | * |
| Libapache2-mod-nss | Ubuntu | quantal | * |
| Libapache2-mod-nss | Ubuntu | raring | * |
| Libapache2-mod-nss | Ubuntu | saucy | * |
| Libapache2-mod-nss | Ubuntu | trusty | * |
| Libapache2-mod-nss | Ubuntu | upstream | * |
| Libapache2-mod-nss | Ubuntu | utopic | * |
| Libapache2-mod-nss | Ubuntu | vivid | * |
| Libapache2-mod-nss | Ubuntu | wily | * |
| Libapache2-mod-nss | Ubuntu | xenial | * |
| Libapache2-mod-nss | Ubuntu | yakkety | * |
| Libapache2-mod-nss | Ubuntu | zesty | * |