ID de Prueba:	1.3.6.1.4.1.25623.1.0.881829
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for mod_nss CESA-2013:1779 centos6
Resumen:	The remote host is missing an update for the 'mod_nss'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'mod_nss' package(s) announced via the referenced advisory. Vulnerability Insight: The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library. A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate was provided. (CVE-2013-4566) Red Hat would like to thank Albert Smith of OUSD(AT& L) for reporting this issue. All mod_nss users should upgrade to this updated package, which contains a backported patch to correct this issue. The httpd service must be restarted for this update to take effect. Affected Software/OS: mod_nss on CentOS 6 Solution: Please install the updated packages. CVSS Score: 4.0 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4566 RHSA-2013:1779 http://rhn.redhat.com/errata/RHSA-2013-1779.html https://bugzilla.redhat.com/show_bug.cgi?id=1016832 openSUSE-SU-2013:1956 http://lists.opensuse.org/opensuse-updates/2013-12/msg00118.html
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.