VYPR

rpm package

suse/apache2-mod_nss&distro=SUSE Linux Enterprise Server 12 SP1

pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1

Vulnerabilities (4)

  • CVE-2015-5244CriAug 7, 2017
    affected < 1.0.14-18.3fixed 1.0.14-18.3

    The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.

  • CVE-2016-3099HigJun 8, 2017
    affected < 1.0.14-18.3fixed 1.0.14-18.3

    mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.

  • CVE-2014-3566LowOct 15, 2014
    affected < 1.0.14-18.3fixed 1.0.14-18.3

    The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

  • CVE-2013-4566Dec 12, 2013
    affected < 1.0.14-18.3fixed 1.0.14-18.3

    mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.