4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.007 Low
EPSS
Percentile
80.3%
mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the
server/vhost context, does not enforce the NSSVerifyClient setting in the
directory context, which allows remote attackers to bypass intended access
restrictions.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | libapache2-mod-nss | < any | UNKNOWN |
ubuntu | 16.04 | noarch | libapache2-mod-nss | < any | UNKNOWN |