
18 matches found

Tenable Nessus
added 2023/09/07 12:0 a.m., 26 views

Oracle Linux 7 : mod_auth_openidc (ELSA-2019-2112)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2112 advisory. - Resolves: rhbz1626297 - CVE-2017-6413 mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an 'AuthType oauth20' configuration rhel-7 Tenable...

CVSS 8.6, AI score 7, EPSS 0.05177
Exploits: 0, References: 3
Tenable Nessus
added 2019/10/28 12:0 a.m., 47 views

Fedora 30 : mod_auth_openidc (2019-7b06f18a10)

Upgrade to latest upstream which fixes some CVEs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

CVSS 8.6, AI score 6.4, EPSS 0.05177
Exploits: 0, References: 5
Tenable Nessus
added 2019/10/28 12:0 a.m., 24 views

Fedora 29 : mod_auth_openidc (2019-23638d42f3)

Upgrade to latest upstream which fixes some CVEs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

CVSS 8.6, AI score 6.4, EPSS 0.05177
Exploits: 0, References: 5
Tenable Nessus
added 2019/10/25 12:0 a.m., 46 views

Amazon Linux 2 : mod_auth_openidc (ALAS-2019-1329)

A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs. (CVE-2017-6059) It was found that mod_auth_openidc did not properly sanitize HT...

CVSS 8.6, AI score 6.8, EPSS 0.05177
Exploits: 0, References: 3
Amazon
added 2019/10/21 12:0 a.m., 27 views

Medium: mod_auth_openidc

Issue Overview: A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs. (CVE-2017-6059) It was found that mod_auth_openidc did not...

CVSS 8.6, AI score 7.4, EPSS 0.05177
Exploits: 0
Amazon
added 2019/09/30 12:0 a.m., 187 views

Medium: mod24_auth_openidc

Issue Overview: A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs. (CVE-2017-6059) It was found that mod_auth_openidc did not...

CVSS 8.6, AI score 7.4, EPSS 0.05177
Exploits: 0
Tenable Nessus
added 2019/08/30 12:0 a.m., 31 views

CentOS 7 : mod_auth_openidc (CESA-2019:2112)

An update for mod_auth_openidc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 8.6, AI score 6.8, EPSS 0.05177
Exploits: 0, References: 3
Tenable Nessus
added 2019/08/27 12:0 a.m., 35 views

Scientific Linux Security Update : mod_auth_openidc on SL7.x x86_64 (20190806)

Security Fixes: - mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an 'AuthType oauth20' configuration (CVE-2017-6413) - mod_auth_openidc: Shows user-supplied content on error pages (CVE-2017-6059) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux...

CVSS 8.6, AI score 6.8, EPSS 0.05177
Exploits: 0, References: 3
Oracle Linux
added 2019/08/13 12:0 a.m., 35 views

mod_auth_openidc security update

1.8.8-5 - Resolves: rhbz1626297 - CVE-2017-6413 mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an 'AuthType oauth20' configuration rhel-7 1.8.8-4 - Resolves: rhbz1626299 - CVE-2017-6059 mod_auth_openidc: Shows user-supplied content on error pages rhel-7...

CVSS 8.6, AI score 2.4, EPSS 0.05177
Exploits: 0
Tenable Nessus
added 2019/08/12 12:0 a.m., 34 views

RHEL 7 : mod_auth_openidc (RHSA-2019:2112)

The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2112 advisory. mod_auth_openidc enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security...

CVSS 8.6, AI score 7, EPSS 0.05177
Exploits: 0, References: 8
RedHat Linux
added 2019/08/06 12:7 p.m., 45 views

Moderate: Red Hat Security Advisory: mod_auth_openidc security update

An update for mod_auth_openidc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 8.6, AI score 6.7, EPSS 0.05177
Exploits: 0, References: 4
OSV
added 2017/04/12 8:59 p.m., 3 views

DEBIAN-CVE-2017-6059

mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

CVSS 7.5, AI score 7.1, EPSS 0.05177
Exploits: 0, References: 1
NVD
added 2017/04/12 8:59 p.m., 17 views

CVE-2017-6059

mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

CVSS 7.5, AI score 7.4, EPSS 0.05177
Exploits: 0, References: 9
OSV
added 2017/04/12 8:59 p.m., 23 views

CVE-2017-6059

mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

CVSS 7.5, AI score 6.9
Exploits: 0, References: 9
CVE
added 2017/04/12 8:0 p.m., 80 views

CVE-2017-6059

CVE-2017-6059 affects the Ping Identity OpenID Connect module for Apache (mod_auth_openidc) prior to 2.14. The issue allows remote attackers to spoof page content by presenting a malicious URL that triggers an invalid request, due to improper handling within mod_auth_openidc.c. The vulnerability’...

CVSS 7.5, AI score 7.4, EPSS 0.05177
Exploits: 0, References: 9, Affected Software: 1
Debian CVE
added 2017/04/12 8:0 p.m., 29 views

CVE-2017-6059

mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

CVSS 7.5, AI score 6.8, EPSS 0.05177
Exploits: 0
Cvelist
added 2017/04/12 8:0 p.m., 22 views

CVE-2017-6059

mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

AI score 7.4, EPSS 0.05177
Exploits: 0, References: 9
RedhatCVE
added 2017/02/21 9:48 a.m., 26 views

CVE-2017-6059

A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs...

CVSS 7.5, AI score 2.9, EPSS 0.05177
Exploits: 0, References: 1