ALAS-2013-254 ---- mod24_nssID: oval:org.secpod.oval:def:1600208 | Date: (C)2016-05-19 (M)2023-12-07 |
Class: PATCH | Family: unix |
A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate was provided
Platform: |
Amazon Linux AMI |