A FakeBasicAuth authentication bypass issue was reported for mod_nss
some time ago:
The issue was fixed in upstream git:
but there was no new release of mod_nss since to include the fix.
The issue now got CVE-2011-4973 assigned.
Note that the fix changes the user name that needs to be specified in
htpasswd when using FakeBasicAuth.
Tomas Hoger / Red Hat Security Response Team