{"id":"MGASA-2013-0381","summary":"Updated apache-mod_nss package fixes CVE-2013-4566","details":"Updated apache-mod_nss package fixes security vulnerability:\n\nA flaw was found in the way mod_nss handled the NSSVerifyClient setting for\nthe per-directory context. When configured to not require a client\ncertificate for the initial connection and only require it for a specific\ndirectory, mod_nss failed to enforce this requirement and allowed a client\nto access the directory when no valid client certificate was provided\n(CVE-2013-4566).\n","modified":"2026-04-16T06:22:52.984646305Z","published":"2013-12-20T17:27:18Z","upstream":["CVE-2013-4566"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0381.html"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2013-1779.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11872"}],"affected":[{"package":{"name":"apache-mod_nss","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/apache-mod_nss?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.8-16.4.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0381.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}