7 matches found
Fedora 29 : mod_auth_openidc (2019-23638d42f3)
Upgrade to latest upstream which fixes some CVEs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
Fedora 30 : mod_auth_openidc (2019-7b06f18a10)
Upgrade to latest upstream which fixes some CVEs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
CVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" aka modauthopenidc module before 2.1.5 for the Apache HTTP Server does not skip OIDCCLAIM and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HT...
DEBIAN-CVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" aka modauthopenidc module before 2.1.5 for the Apache HTTP Server does not skip OIDCCLAIM and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HT...
CVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" aka modauthopenidc module before 2.1.5 for the Apache HTTP Server does not skip OIDCCLAIM and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HT...
CVE-2017-6062
Summary (CVE-2017-6062): The Apache module mod_auth_openidc (OpenID Connect Relying Party/OAuth 2.0 Resource Server) prior to version 2.1.5 does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an OIDCUnAuthAction pass. This can allow remote attackers to bypass authentication via crafted HTTP ...
CVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" aka modauthopenidc module before 2.1.5 for the Apache HTTP Server does not skip OIDCCLAIM and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HT...