OracleLinuxELSA-2019-2112mod_auth_openidc security update
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
79.3%
[1.8.8-5]
- Resolves: rhbz#1626297 - CVE-2017-6413 mod_auth_openidc: OIDC_CLAIM and
OIDCAuthNHeader not skipped in an ‘AuthType oauth20’
configuration [rhel-7]
[1.8.8-4] - Resolves: rhbz#1626299 - CVE-2017-6059 mod_auth_openidc: Shows
user-supplied content on error pages [rhel-7]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | mod_auth_openidc | < 1.8.8-5.el7 | mod_auth_openidc-1.8.8-5.el7.src.rpm |
| oracle linux | 7 | aarch64 | mod_auth_openidc | < 1.8.8-5.el7 | mod_auth_openidc-1.8.8-5.el7.aarch64.rpm |
| oracle linux | 7 | src | mod_auth_openidc | < 1.8.8-5.el7 | mod_auth_openidc-1.8.8-5.el7.src.rpm |
| oracle linux | 7 | x86_64 | mod_auth_openidc | < 1.8.8-5.el7 | mod_auth_openidc-1.8.8-5.el7.x86_64.rpm |
Related
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
79.3%