
22 matches found

OSV
added 2025/10/04 12:11 a.m., 2 views

RLSA-2025:9396 Important: mod_auth_openidc security update

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled...

CVSS 7.5, AI score 7.1, EPSS 0.00673
Exploits: 0, References: 2
RedHat Linux
added 2025/07/01 12:57 a.m., 2 views

mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS 7.5, AI score 5.8, EPSS 0.00673
Exploits: 0, References: 6
RedHat Linux
added 2025/07/01 12:43 a.m., 2 views

mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS 7.5, AI score 5.8, EPSS 0.00673
Exploits: 0, References: 6
RedHat Linux
added 2025/07/01 12:38 a.m., 2 views

mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS 7.5, AI score 5.8, EPSS 0.00673
Exploits: 0, References: 6
Tenable Nessus
added 2025/07/01 12:0 a.m., 16 views

RHEL 9 : mod_auth_openidc (RHSA-2025:10002)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:10002 advisory. The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Conne...

CVSS 7.5, AI score 6.3, EPSS 0.00673
Exploits: 0, References: 4
Tenable Nessus
added 2025/07/01 12:0 a.m., 3 views

RHEL 9 : mod_auth_openidc (RHSA-2025:10008)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:10008 advisory. The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Conne...

CVSS 7.5, AI score 6.3, EPSS 0.00673
Exploits: 0, References: 4
Tenable Nessus
added 2025/07/01 12:0 a.m., 3 views

RHEL 8 : mod_auth_openidc:2.3 (RHSA-2025:10003)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10003 advisory. The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Conne...

CVSS 7.5, AI score 6.3, EPSS 0.00673
Exploits: 0, References: 4
OSV
added 2025/06/16 10:4 a.m., 0 views

SUSE-SU-2025:01962-1 Security update for apache2-mod_auth_openidc

This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2025-3891: Fixed denial of service via an empty POST request when OIDCPreservePost is enabled bsc1242015...

CVSS 7.5, AI score 5.8, EPSS 0.00673
Exploits: 0, References: 3
OSV
added 2025/05/19 5:21 p.m., 1 views

SUSE-SU-2025:01585-1 Security update for apache2-mod_auth_openidc

This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2025-3891: denial of service via POST requests with an empty Content-Type header and with OIDCPreservePost On bsc1242015...

CVSS 7.5, AI score 6.4, EPSS 0.00673
Exploits: 0, References: 3
Oracle linux
added 2025/05/07 12:0 a.m., 11 views

mod_auth_openidc:2.3 security update

cjose mod_auth_openidc 2.4.9.4-8 - Resolves: RHEL-87759 - Empty POST causes crash with OIDCPreservePost...

CVSS 5.3, AI score 5.4, EPSS 0.00673
Exploits: 0
Tenable Nessus
added 2025/05/07 12:0 a.m., 3 views

RHEL 8 : mod_auth_openidc:2.3 (RHSA-2025:4597)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:4597 advisory. The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connec...

CVSS 7.5, AI score 6.3, EPSS 0.00673
Exploits: 0, References: 5
RedHat Linux
added 2025/05/06 8:23 p.m., 2 views

mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS 7.5, AI score 5.8, EPSS 0.00673
Exploits: 0, References: 6
NVD
added 2025/04/29 12:15 p.m., 11 views

CVE-2025-3891

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS 7.5, EPSS 0.00673
Exploits: 0, References: 14
OSV
added 2025/04/29 12:15 p.m., 1 views

UBUNTU-CVE-2025-3891

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS 7.5, AI score 7.1, EPSS 0.00673
Exploits: 0, References: 4
CVE
added 2025/04/29 11:56 a.m., 95 views

CVE-2025-3891

CVE-2025-3891 affects the Apache httpd mod_auth_openidc module. A remote, unauthenticated attacker can cause a DoS by sending an empty POST when the OIDCPreservePost directive is enabled, crashing the server and impacting availability. Evidence from multiple advisories confirms the issue and ment...

CVSS 7.5, AI score 5.2, EPSS 0.00673
Exploits: 0, References: 14, Affected Software: 1
Cvelist
added 2025/04/29 11:56 a.m., 17 views

CVE-2025-3891 Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS 7.5, EPSS 0.00673
Exploits: 0, References: 13
OpenVAS
added 2021/09/14 12:0 a.m., 26 views

openSUSE: Security Advisory for apache2-mod_auth_openidc (openSUSE-SU-2021:3020-1)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5, AI score 6.5, EPSS 0.01593
Exploits: 1, References: 2
OSV
added 2021/07/26 5:15 p.m., 23 views

CVE-2021-32792

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using OIDCPreservePost ...

CVSS 6.1, AI score 5.9
Exploits: 0, References: 8
NVD
added 2021/07/26 5:15 p.m., 22 views

CVE-2021-32792

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using OIDCPreservePost ...

CVSS 6.1, EPSS 0.0025
Exploits: 0, References: 8
OSV
added 2021/07/26 5:15 p.m., 2 views

AZL-6482 CVE-2021-32792 affecting package httpd for versions less than 2.4.52-1

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using OIDCPreservePost ...

CVSS 6.1, AI score 6.6, EPSS 0.0025
Exploits: 0, References: 1