rpm package
opensuse/apache2-mod_nss&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/apache2-mod_nss&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-5244 | Cri | 9.8 | < 1.0.14-4.1 | 1.0.14-4.1 | Aug 7, 2017 | The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. | |
| CVE-2016-3099 | Hig | 7.5 | < 1.0.14-4.1 | 1.0.14-4.1 | Jun 8, 2017 | mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled. | |
| CVE-2014-3566 | Low | 3.4 | < 1.0.14-4.1 | 1.0.14-4.1 | Oct 15, 2014 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | |
| CVE-2013-4566 | — | < 1.0.14-4.1 | 1.0.14-4.1 | Dec 12, 2013 | mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions. |
- affected < 1.0.14-4.1fixed 1.0.14-4.1
The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.
- affected < 1.0.14-4.1fixed 1.0.14-4.1
mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.
- affected < 1.0.14-4.1fixed 1.0.14-4.1
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
- CVE-2013-4566Dec 12, 2013affected < 1.0.14-4.1fixed 1.0.14-4.1
mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.