mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mod_nss | Mod_nss_project | * | 1.0.8 (including) |
Mod_nss | Mod_nss_project | 1.0 (including) | 1.0 (including) |
Mod_nss | Mod_nss_project | 1.0.2 (including) | 1.0.2 (including) |
Mod_nss | Mod_nss_project | 1.0.3 (including) | 1.0.3 (including) |
Mod_nss | Mod_nss_project | 1.0.4 (including) | 1.0.4 (including) |
Mod_nss | Mod_nss_project | 1.0.5 (including) | 1.0.5 (including) |
Mod_nss | Mod_nss_project | 1.0.6 (including) | 1.0.6 (including) |
Mod_nss | Mod_nss_project | 1.0.7 (including) | 1.0.7 (including) |