Test ID:	1.3.6.1.4.1.25623.1.0.871692
Category:	Red Hat Local Security Checks
Title:	RedHat Update for mod_nss RHSA-2016:2602-02
Summary:	The remote host is missing an update for the 'mod_nss'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'mod_nss' package(s) announced via the referenced advisory. Vulnerability Insight: The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library. The following packages have been upgraded to a newer upstream version: mod_nss (1.0.14). (BZ#1299063) Security Fix(es): * A flaw was found in the way mod_nss parsed certain OpenSSL-style cipher strings. As a result, mod_nss could potentially use ciphers that were not intended to be enabled. (CVE-2016-3099) This issue was discovered by Rob Crittenden (Red Hat). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. Affected Software/OS: mod_nss on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3099 FEDORA-2016-1eaaf1ed0f http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184345.html FEDORA-2016-85e9f2e3cd http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183102.html FEDORA-2016-8b28358b72 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183129.html RHSA-2016:2602 http://rhn.redhat.com/errata/RHSA-2016-2602.html https://bugzilla.redhat.com/show_bug.cgi?id=1319052
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.