Hi!

A FakeBasicAuth authentication bypass issue was reported for mod_nss
some time ago:

https://www.redhat.com/archives/mod_nss-list/2011-May/msg00001.html

The issue was fixed in upstream git:

https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=a6c3370491ae1d3bc552e8de9353c82f73e510e3

but there was no new release of mod_nss since to include the fix.

The issue now got CVE-2011-4973 assigned.

Note that the fix changes the user name that needs to be specified in
htpasswd when using FakeBasicAuth.

-- 
Tomas Hoger / Red Hat Security Response Team