9 matches found
ROS-20240815-09
Authentication and authorization module for Apache 2.x HTTP server Modauthopenidc has a vulnerability related to setting OIDCStripCookies and providing the created cookie, a dereferencing of a NULL pointer occurs, which will cause a segmentation error. NULL pointer, which will result in a...
mod_auth_openidc:2.3 security and bug fix update
cjose 0.6.1-4 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308 modauthopenidc 2.4.9.4-5 Related: rhbz2141850 - fix cjose version dependency 2.4.9.4-4 Resolves: rhbz2141850 - authopenidc.conf mode 0640 by...
RHEL 9 : mod_auth_openidc (RHSA-2023:6365)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6365 advisory. The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an Open...
Fedora 38 : mod_auth_openidc (2023-b534ca7056)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b534ca7056 advisory. Rebase to 2.4.13.2 version, fix CVE-2023-28625 Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied
...
CVE-2023-28625
A flaw was found in modauthopenidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. It is possible to trigger a NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, leading to a segmentation fault and a denial of...
Null pointer dereference
modauthopenidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...
CVE-2023-28625 mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied
modauthopenidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...
CVE-2023-28625 mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied
modauthopenidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...