Test Kennung:	1.3.6.1.4.1.25623.1.0.881829
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for mod_nss CESA-2013:1779 centos6
Zusammenfassung:	The remote host is missing an update for the 'mod_nss'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'mod_nss' package(s) announced via the referenced advisory. Vulnerability Insight: The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library. A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate was provided. (CVE-2013-4566) Red Hat would like to thank Albert Smith of OUSD(AT& L) for reporting this issue. All mod_nss users should upgrade to this updated package, which contains a backported patch to correct this issue. The httpd service must be restarted for this update to take effect. Affected Software/OS: mod_nss on CentOS 6 Solution: Please install the updated packages. CVSS Score: 4.0 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4566 RHSA-2013:1779 http://rhn.redhat.com/errata/RHSA-2013-1779.html https://bugzilla.redhat.com/show_bug.cgi?id=1016832 openSUSE-SU-2013:1956 http://lists.opensuse.org/opensuse-updates/2013-12/msg00118.html
Copyright	Copyright (C) 2013 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.