CVE-2013-4566
First published: Tue Oct 08 2013(Updated: )
A flaw was found in the way NSSVerifyClient was handled when used in both server / vhost context as well as directory context (specified either via <Directory> or <Location> directive). If 'NSSVerifyClient none' was set in the server / vhost context (i.e. when server is configured to not request or require client certificate authentication on the initial connection), and client certificate authentication was expected to be required for a specific directory via 'NSSVerifyClient require' setting, mod_nss failed to properly require expected certificate authentication. Remote attacker able to connect to the web server using such mod_nss configuration and without a valid client certificate could possibly use this flaw to access content of the restricted directories. Documentation of mod_nss configuration directives, including NSSVerifyClient: <a href="https://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives">https://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives</a> As mod_nss is derived form mod_ssl, NSSVerifyClient is meant to be functionally equivalent to mod_ssl's SSLVerifyClient: <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient">http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mod Nss Project Mod Nss | <=1.0.8 | |
| Mod Nss Project Mod Nss | =1.0 | |
| Mod Nss Project Mod Nss | =1.0.2 | |
| Mod Nss Project Mod Nss | =1.0.3 | |
| Mod Nss Project Mod Nss | =1.0.4 | |
| Mod Nss Project Mod Nss | =1.0.5 | |
| Mod Nss Project Mod Nss | =1.0.6 | |
| Mod Nss Project Mod Nss | =1.0.7 | |
| Redhat Enterprise Linux | =5 | |
| Redhat Enterprise Linux | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00118.html
- http://rhn.redhat.com/errata/RHSA-2013-1779.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1016832
- https://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives
- http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1037722
- https://rhn.redhat.com/errata/RHSA-2013-1779.html
- http://pkgs.fedoraproject.org/cgit/mod_nss.git/tree/mod_nss-nssverifyclient.patch?id=63709b8
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-4566
- vendor/mod nss project
- canonical/mod nss project mod nss
- version/mod nss project mod nss/1.0.8
- version/mod nss project mod nss/1.0
- version/mod nss project mod nss/1.0.2
- version/mod nss project mod nss/1.0.3
- version/mod nss project mod nss/1.0.4
- version/mod nss project mod nss/1.0.5
- version/mod nss project mod nss/1.0.6
- version/mod nss project mod nss/1.0.7
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5
- version/redhat enterprise linux/6.0