CVSS3: 8.6 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
AI Score: 6.7 Medium (Confidence: High)
CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 0.002 Low (Percentile: 61.5%)
Software: mod_auth_openidc 1.8.8
OS: Cobalt 7.9
CVE-ID: CVE-2017-6062
CVE-Crit: HIGH
CVE-DESC: The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" module (also known as mod_auth_openidc) before version 2.1.5 for Apache HTTP Server does not skip the OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, allowing remote attackers to bypass authentication through crafted HTTP traffic.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2019-1010247
CVE-Crit: MEDIUM
CVE-DESC: ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier versions are affected by cross-site scripting (XSS). Impact: redirecting the user to a phishing page or interacting with the application on behalf of the user. Component: file src/mod_auth_openidc.c, line 3109. Fixed version: 2.3.10.2.
CVE-STATUS: default
CVE-REV: default
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Cobalt | any | noarch | mod_auth_openidc | < 1.8.8 | UNKNOWN |