154 matches found
modsecurity: ModSecurity Has Possible DoS Vulnerability
A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...
Security update for apache2-mod_auth_openidc
This update for apache2-mod_auth_openidc fixes the following issues: CVE-2025-31492: Fixed a bug where OIDCProviderAuthRequestMethod POSTs can leak protected data (bsc#1240893). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or...
OESA-2024-2085 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
USN-6826-1 libapache-mod-jk vulnerability
Karl von Randow discovered that mod_jk was vulnerable to an authentication bypass. If the configuration did not provide explicit mounts for all possible proxied requests, an attacker could possibly use this vulnerability to bypass security constraints configured in httpd...
mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character
An open redirect vulnerability was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start...
CVE-2023-28625
A flaw was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. It is possible to trigger a NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, leading to a segmentation fault and a denial of...
mod_auth_openidc code issue vulnerability
mod_auth_openidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server that is used as an OpenID Connect dependency to authenticate users against the OpenID Connect provider. A code issue vulnerability exists in mod_auth_openidc versions 2.0.0 through...
K7886: Remote vulnerability in the mod_jk2 Apache module VU#771937
Security Advisory Description. Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
SUSE CVE-2005-2963
The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security...
SUSE CVE-2005-3319
The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost...
PT-2021-22446 · Apache +5 · Apache Http Server +5
Name of the Vulnerable Software and Affected Versions: mod_auth_openidc versions prior to 2.4.9.4. Description: The mod_auth_openidc module for the Apache 2.x HTTP server is vulnerable to an open redirect attack. This occurs when a crafted URL is supplied in the target_link_uri parameter, affectin...
SUSE-SU-2021:2912-1 Security update for apache2-mod_auth_mellon
This update for apache2-mod_auth_mellon fixes the following issues: - CVE-2021-3639: Fixed Open Redirect vulnerability in logout URLs (bsc#1188926)...
Authentication flaw
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and...
mod_auth_digest possible stack overflow by one nul byte
...
mod_auth_openidc vulnerable to denial-of-service (DoS)
Overview: mod_auth_openidc provided by ZmartZone is an OpenID Connect Relying Party module for Apache HTTP Server. This module contains a denial-of-service (DoS) vulnerability (CWE-400). Tatsuhiko Yasumatsu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
ModSecurity security vulnerability
ModSecurity is an intrusion detection and blocking engine that can be run as a module of the Apache Web Server or as a standalone application to enhance Web application security and protect Web applications from known and unknown attacks. A security vulnerability exists in ModSecurity 3.0.4 prior...
Cross-Site Scripting (XSS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...
Arbitrary Code Execution
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...
mod_auth_mellon authentication bypass vulnerability
mod_auth_mellon is an authentication module for use in Apache. A security vulnerability exists in mod_auth_mellon. An attacker can exploit this vulnerability to bypass authentication...