Hi!
A FakeBasicAuth authentication bypass issue was reported for mod_nss
some time ago:
https://www.redhat.com/archives/mod_nss-list/2011-May/msg00001.html
The issue was fixed in upstream git:
https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=a6c3370491ae1d3bc552e8de9353c82f73e510e3
but there was no new release of mod_nss since to include the fix.
The issue now got CVE-2011-4973 assigned.
Note that the fix changes the user name that needs to be specified in
htpasswd when using FakeBasicAuth.
--
Tomas Hoger / Red Hat Security Response Team