25 matches found
MiracleLinux 9 : mod_auth_openidc-2.4.10-1.el9 (AXSA:2024-9233:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9233:01 advisory. modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating cookies CVE-2024-24814 Tenable has extracted the preceding description block...
CLSA-2025-1746655009 mod_auth_openidc: Fix of CVE-2024-24814
CVE-2024-24814: fix DoS when OIDCSessionType client-cookie is set and a crafted Cookie header is supplied...
RLSA-2024:5289 Moderate: mod_auth_openidc:2.3 security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating...
RockyLinux 8 : mod_auth_openidc:2.3 (RLSA-2024:5289)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:5289 advisory. modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating cookies CVE-2024-24814 Tenable has extracted the preceding description block directl...
openSUSE Security Advisory (SUSE-SU-2024:0757-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: mod_auth_openidc security update
An update for modauthopenidc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Moderate: mod_auth_openidc security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating...
Oracle Linux 8 : mod_auth_openidc:2.3 (ELSA-2024-5289)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-5289 advisory. cjose modauthopenidc 2.4.9.4-6 - Resolves: RHEL-36492 Race condition in modauthopenidc filecache - Resolves: RHEL-25421 modauthopenidc: DoS when using...
ALSA-2024:5289 Moderate: mod_auth_openidc:2.3 security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating...
openSUSE Security Advisory (SUSE-SU-2024:2299-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_auth_openidc (SUSE-SU-2024:2299-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2299-1 advisory. - CVE-2024-24814: Fixed a bug that can led to DoS when OIDCSessionType client-cookie is set and a crafted Cookie header is...
Mageia: Security Advisory (MGASA-2024-0081)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated apache-mod_auth_openidc packages fix security vulnerability
Missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to DoS attack. CVE-2024-24814...
SUSE SLES12 Security Update : apache2-mod_auth_openidc (SUSE-SU-2024:0758-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0758-1 advisory. - CVE-2024-24814: Fixed a denial of service when using OIDCSessionType client-cookie and manipulating cookies bsc1219911. Tenable has...
SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_auth_openidc (SUSE-SU-2024:0757-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0757-1 advisory. - CVE-2024-24814: Fixed a denial of service when using OIDCSessionType client-cookie and manipulating cookies bsc1219911...
Debian: Security Advisory (DLA-3751-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:0757-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:0758-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3751-1] libapache2-mod-auth-openidc security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3751-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb March 05, 2024 https://wiki.debian.org/LTS -...
SUSE-SU-2024:0757-1 Security update for apache2-mod_auth_openidc
This update for apache2-modauthopenidc fixes the following issues: - CVE-2024-24814: Fixed a denial of service when using OIDCSessionType client-cookie and manipulating cookies bsc1219911...