4 - CVE-2013-4566

Executive Summary

Informations
Name	CVE-2013-4566	First vendor Publication	2013-12-12
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:N)
Cvss Base Score	4	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	High
Cvss Expoit Score	4.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4566

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21010

Oval ID:	oval:org.mitre.oval:def:21010
Title:	RHSA-2013:1779: mod_nss security update (Moderate)
Description:	mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:1779-00 CESA-2013:1779 CVE-2013-4566	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6	Product(s):	mod_nss
Definition Synopsis:
Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND mod_nss is earlier than 0:1.0.8-8.el5_10 AND Operation system section mod_nss is earlier than 0:1.0.8-19.el6_5 Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND CentOS Linux 6.x

Definition Id: oval:org.mitre.oval:def:23337

Oval ID:	oval:org.mitre.oval:def:23337
Title:	DEPRECATED: ELSA-2013:1779: mod_nss security update (Moderate)
Description:	mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:1779-00 CVE-2013-4566	Version:	7
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	mod_nss
Definition Synopsis:
rpm test Oracle Linux 5.x AND mod_nss is earlier than 0:1.0.8-8.el5_10 OR rpm test mod_nss is earlier than 0:1.0.8-19.el6_5 AND Oracle Linux 6.x

Definition Id: oval:org.mitre.oval:def:23961

Oval ID:	oval:org.mitre.oval:def:23961
Title:	ELSA-2013:1779: mod_nss security update (Moderate)
Description:	mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:1779-00 CVE-2013-4566	Version:	6
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	mod_nss
Definition Synopsis:
rpm test Oracle Linux 5.x AND mod_nss is earlier than 0:1.0.8-8.el5_10 OR rpm test mod_nss is earlier than 0:1.0.8-19.el6_5 AND Oracle Linux 6.x

Definition Id: oval:org.mitre.oval:def:25458

Oval ID:	oval:org.mitre.oval:def:25458
Title:	SUSE-SU-2013:1926-1 -- Security update for apache2-mod_nss
Description:	This update fixes the following security issues with apache2-mod_nss: * bnc#853039: client certificate verification problematic (CVE-2013-4566) Security Issue reference: * CVE-2013-4566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4566 >
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:1926-1 CVE-2013-4566	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	apache2-mod_nss
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed AND apache2-mod_nss RPM is earlier than 0:1.0.8-0.4.7.1

Definition Id: oval:org.mitre.oval:def:27241

Oval ID:	oval:org.mitre.oval:def:27241
Title:	DEPRECATED: ELSA-2013-1779 -- mod_nss security update (moderate)
Description:	[1.0.8-19] - Resolves: CVE-2013-4566 - Bugzilla Bug #1030265 - mod_nss: incorrect handling of NSSVerifyClient in directory context [rhel-6.5.z]
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-1779 CVE-2013-4566	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	mod_nss
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x AND mod_nss is earlier than 0:1.0.8-8.el5_10 AND Oracle Linux 6 release section Oracle Linux 6.x AND mod_nss is earlier than 0:1.0.8-19.el6_5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mod Nss Project Mod Nss cpe:2.3:a:mod_nss_project:mod_nss:1.0.8:::::::* cpe:2.3:a:mod_nss_project:mod_nss:1.0.7:::::::* cpe:2.3:a:mod_nss_project:mod_nss:1.0.6:::::::* cpe:2.3:a:mod_nss_project:mod_nss:1.0.5:::::::* cpe:2.3:a:mod_nss_project:mod_nss:1.0.4:::::::* cpe:2.3:a:mod_nss_project:mod_nss:1.0.3:::::::* cpe:2.3:a:mod_nss_project:mod_nss:1.0.2:::::::* cpe:2.3:a:mod_nss_project:mod_nss:1.0:::::::*	8
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux:5:::::::*	2

Nessus® Vulnerability Scanner

Date	Description
2016-09-28	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2396-1.nasl - Type : ACT_GATHER_INFO
2016-09-19	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2329-1.nasl - Type : ACT_GATHER_INFO
2016-09-13	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2285-1.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-1030.nasl - Type : ACT_GATHER_INFO
2014-02-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-253.nasl - Type : ACT_GATHER_INFO
2013-12-23	Name : The remote SuSE 11 host is missing a security update. File : suse_11_apache2-mod_nss-131203.nasl - Type : ACT_GATHER_INFO
2013-12-14	Name : The remote Fedora host is missing a security update. File : fedora_2013-22730.nasl - Type : ACT_GATHER_INFO
2013-12-13	Name : The remote Fedora host is missing a security update. File : fedora_2013-22786.nasl - Type : ACT_GATHER_INFO
2013-12-13	Name : The remote Fedora host is missing a security update. File : fedora_2013-22787.nasl - Type : ACT_GATHER_INFO
2013-12-10	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-254.nasl - Type : ACT_GATHER_INFO
2013-12-10	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131203_mod_nss_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-12-04	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-1779.nasl - Type : ACT_GATHER_INFO
2013-12-04	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-1779.nasl - Type : ACT_GATHER_INFO
2013-12-04	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1779.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://lists.opensuse.org/opensuse-updates/2013-12/msg00118.html
http://rhn.redhat.com/errata/RHSA-2013-1779.html
https://bugzilla.redhat.com/show_bug.cgi?id=1016832

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 12:36:29	Multiple Updates
2021-05-04 12:27:26	Multiple Updates
2021-04-22 01:33:13	Multiple Updates
2020-05-24 01:12:08	Multiple Updates
2020-05-23 00:38:06	Multiple Updates
2019-04-22 21:19:09	Multiple Updates
2016-09-29 13:25:19	Multiple Updates
2016-09-20 13:25:38	Multiple Updates
2016-09-14 13:25:41	Multiple Updates
2014-06-14 13:36:12	Multiple Updates
2014-02-17 11:22:24	Multiple Updates
2014-01-04 13:19:38	Multiple Updates
2013-12-13 21:22:08	Multiple Updates
2013-12-12 21:20:08	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	5
CPE ID(s)	10
Sources(s)	3
Nessus® Exploit(s)	14

	Related
4	RHSA-2013:1779
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

4 - CVE-2013-4566

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU