26 matches found
Advisory ROSA-SA-2026-3176
Software: mod_auth_openidc 2.4.9.4 OS: ROSA Virtualization 3.0 unaffected versions = modauthopenidc-2.4.9.4-8.rv30 affected versions modauthopenidc-2.4.9.4-8.rv30 CVE-ID: CVE-2025-3891 BDU-ID: 2025-10948 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the authentication and authorization module for...
K000159017: Apache HTTP Server vulnerability CVE-2025-3891
Security Advisory Description: A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently,...
Security update for apache2-mod_auth_openidc
This update for apache2-mod_auth_openidc fixes the following issues: Update to 2.4.17.1 bsc1248806 / PED-14130. Remove many patches, as they've been merged upstream. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch...
EUVD-2021-31599
Malicious code in bioql PyPI...
RLSA-2025:7490 Important: mod_auth_openidc security update
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak...
mod_auth_openidc security update
An update is available for mod_auth_openidc. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The mod_auth_openidc is an OpenID Connect authentication module for...
Linux Distros Unpatched Vulnerability : CVE-2017-6413
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenID Connect Relying Party and OAuth 2.0 Resource Server aka mod_auth_openidc module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and...
Linux Distros Unpatched Vulnerability : CVE-2017-6062
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenID Connect Relying Party and OAuth 2.0 Resource Server aka mod_auth_openidc module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and...
Linux Distros Unpatched Vulnerability : CVE-2025-3891
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an...
mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...
mod_auth_openidc:2.3 security update
An update is available for mod_auth_openidc, module.cjose, cjose, module.mod_auth_openidc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The mod_auth_openidc is an...
DEBIAN-CVE-2025-3891
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...
UBUNTU-CVE-2025-3891
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...
mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data
A flaw was found in mod_auth_openidc, an OpenID Connect authentication module for Apache HTTP Server. This vulnerability allows unauthenticated users to access protected content via crafted HTTP POST requests to protected resources when no application-level gateway is present...
USN-7446-1 libapache2-mod-auth-openidc vulnerability
It was discovered that mod_auth_openidc incorrectly handled certain POST requests. An attacker could possibly use this issue to obtain sensitive information...
AZL-59592 CVE-2025-31492 affecting package mod_auth_openidc 2.4.14.2-1
mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in mod_auth_openidc results in disclosure of protected content to unauthenticated users. The...
RLSA-2024:9180 Moderate: mod_auth_openidc security update
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: mod_auth_openidc: DoS when using OIDCSessionType client-cookie and manipulating...
mod_auth_openidc: NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied
A flaw was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. It is possible to trigger a NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, leading to a segmentation fault and a denial of...
Sitolog SQL Injection Vulnerability
Sitolog is an e-commerce management software from the French company Sitolog. A security vulnerability exists in Sitolog v7.8.a and earlier versions, which originates from a SQL injection vulnerability in the sitolog application connect module...
kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c
A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request...