Lucene search
+L

90 matches found

Hacker One
Hacker One
added 2019/04/24 11:5 p.m.40 views

Ping Identity: Internal Hostname disclosure from multiple Apache servers via blank host header method

This vulnerability was due to a general misconfiguration of Apache servers; this is a good example of the importance of "Secure Defaults" in open-source projects. An example of a generic request and response would be: openssl sclient -connect apache.example.com:443 GET apache.example.com/foo...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2018/03/09 7:33 p.m.16 views

Ping Identity: CSRF in Inviting users

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: add summary of the vulnerabili...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2017/05/17 12:0 a.m.65 views

PingID MFA Cross Site Scripting

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: PingID MFA 1 Vendor: Ping Identity Corporation CSNC ID: CSNC-2017-013 Subject: Reflected Cross-Site Scripting Risk: High Effect: Remotely exploitable Author: Stephan Sekula Date: 18.04.2017 Introduction:...

Exploits0
Prion
Prion
added 2017/04/12 8:59 p.m.25 views

Design/Logic Flaw

Modauthopenidc.c in the Ping Identity OpenID Connect authentication module for Apache aka modauthopenidc before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

5CVSS7.8AI score0.05177EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2017/04/12 8:59 p.m.25 views

CVE-2017-6059

Modauthopenidc.c in the Ping Identity OpenID Connect authentication module for Apache aka modauthopenidc before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

7.5CVSS6.9AI score
Exploits0References9
CVE
CVE
added 2017/04/12 8:0 p.m.81 views

CVE-2017-6059

CVE-2017-6059 affects the Ping Identity OpenID Connect module for Apache (mod_auth_openidc) prior to 2.14. The issue allows remote attackers to spoof page content by presenting a malicious URL that triggers an invalid request, due to improper handling within mod_auth_openidc.c. The vulnerability’...

7.5CVSS7.4AI score0.05177EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2017/04/12 8:0 p.m.22 views

CVE-2017-6059

Modauthopenidc.c in the Ping Identity OpenID Connect authentication module for Apache aka modauthopenidc before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

7.4AI score0.05177EPSS
Exploits0References9
CNVD
CNVD
added 2017/03/03 12:0 a.m.2 views

Ping Identity 'mod_auth_openidc' Module Authentication Bypass Vulnerability

Ping Identity 'modauthopenidc' module is an authentication/authorization module for the Apache 2.x HTTP server used to authenticate users against the OpenID connection provider. An authentication bypass vulnerability exists in the Ping Identity 'modauthopenidc' module. An attacker can use this...

8.6CVSS8.8AI score0.04253EPSS
Exploits0References1
CNVD
CNVD
added 2017/02/24 12:0 a.m.3 views

Ping Identity 'mod_auth_openidc' Module Content Spoofing Vulnerability

Ping Identity, a cloud security services company, provides enterprise identity security services to its customers. A content spoofing vulnerability exists in the Ping Identity 'modauthopenidc' module, which stems from a failure to adequately validate user input. An attacker could exploit the...

7.5CVSS6.7AI score0.05177EPSS
Exploits0References1
CNVD
CNVD
added 2017/02/24 12:0 a.m.7 views

Ping Identity 'mod_auth_openidc' Module Authentication Bypass Vulnerability

Ping Identity, a cloud security services company, provides enterprise identity security services to its customers. An authentication bypass vulnerability exists in Ping Identity 'modauthopenidc'. An attacker could use this vulnerability to bypass the authentication mechanism to perform unauthoriz...

8.6CVSS8.7AI score0.03633EPSS
Exploits0References1
Rows per page
Query Builder