Lucene search

[email protected]CVE-2017-6059

HistoryApr 12, 2017 - 8:59 p.m.

CVE-2017-6059

2017-04-1220:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2017-6059

mod_auth_openidc

ping identity

apache

authentication

spoofing

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON

Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.

CPENameOperatorVersion
openidc:mod_auth_openidcopenidc mod auth openidclt2.1.4

CPE	Name	Operator	Version
openidc:mod_auth_openidc	openidc mod auth openidc	lt	2.1.4

References

www.openwall.com/lists/oss-security/2017/02/17/6

www.securityfocus.com/bid/96299

access.redhat.com/errata/RHSA-2019:2112

github.com/pingidentity/mod_auth_openidc/commit/612e309bfffd6f9b8ad7cdccda3019fc0865f3b4

github.com/pingidentity/mod_auth_openidc/issues/212

github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.4

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTWUMQ46GZY3O4WU4JCF333LN53R2XQH/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for CVE-2017-6059

ubuntucve1 prion1 redhatcve1 debiancve1 osv1 nessus11 centos1 amazon2 oraclelinux1 redhat1 fedora3 openvas3