Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2017-6413

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenID Connect Relying Party and OAuth 2.0 Resource Server aka modauthopenidc module before 2.1.6 for the Apache HTTP Server does not skip OIDCCLAIM and...

8.6CVSS7AI score0.04253EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/10/28 12:0 a.m.47 views

Fedora 30 : mod_auth_openidc (2019-7b06f18a10)

Upgrade to latest upstream which fixes some CVEs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

8.6CVSS6.4AI score0.05177EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/10/28 12:0 a.m.24 views

Fedora 29 : mod_auth_openidc (2019-23638d42f3)

Upgrade to latest upstream which fixes some CVEs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

8.6CVSS6.4AI score0.05177EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/10/25 12:0 a.m.46 views

Amazon Linux 2 : mod_auth_openidc (ALAS-2019-1329)

A text injection flaw was found in how modauthopenidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs.CVE-2017-6059 It was found that modauthopenidc did not properly sanitize HT...

8.6CVSS6.8AI score0.05177EPSS
Exploits0References3
Amazon
Amazon
added 2019/10/21 12:0 a.m.27 views

Medium: mod_auth_openidc

Issue Overview: A text injection flaw was found in how modauthopenidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs.CVE-2017-6059 It was found that modauthopenidc did not...

8.6CVSS7.4AI score0.05177EPSS
Exploits0
Amazon
Amazon
added 2019/09/30 12:0 a.m.187 views

Medium: mod24_auth_openidc

Issue Overview: A text injection flaw was found in how modauthopenidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs. CVE-2017-6059 It was found that modauthopenidc did not...

8.6CVSS7.4AI score0.05177EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/08/30 12:0 a.m.31 views

CentOS 7 : mod_auth_openidc (CESA-2019:2112)

An update for modauthopenidc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.6CVSS6.8AI score0.05177EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/08/27 12:0 a.m.35 views

Scientific Linux Security Update : mod_auth_openidc on SL7.x x86_64 (20190806)

Security Fixes : - modauthopenidc: OIDCCLAIM and OIDCAuthNHeader not skipped in an 'AuthType oauth20' configuration CVE-2017-6413 - modauthopenidc: Shows user-supplied content on error pages CVE-2017-6059 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...

8.6CVSS6.8AI score0.05177EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2019/08/13 12:0 a.m.35 views

mod_auth_openidc security update

1.8.8-5 - Resolves: rhbz1626297 - CVE-2017-6413 modauthopenidc: OIDCCLAIM and OIDCAuthNHeader not skipped in an 'AuthType oauth20' configuration rhel-7 1.8.8-4 - Resolves: rhbz1626299 - CVE-2017-6059 modauthopenidc: Shows user-supplied content on error pages rhel-7...

8.6CVSS2.4AI score0.05177EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.34 views

RHEL 7 : mod_auth_openidc (RHSA-2019:2112)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2112 advisory. modauthopenidc enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security...

8.6CVSS7AI score0.05177EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/08/06 12:7 p.m.44 views

Moderate: Red Hat Security Advisory: mod_auth_openidc security update

An update for modauthopenidc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.6CVSS6.7AI score0.05177EPSS
Exploits0References4
CVE
CVE
added 2017/03/02 6:0 a.m.72 views

CVE-2017-6413

The vulnerability CVE-2017-6413 affects the OpenID Connect Relying Party and OAuth 2.0 Resource Server component (mod_auth_openidc) for Apache HTTP Server, where versions prior to 2.1.6 do not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an AuthType oauth20 configuration. This allows remote at...

8.6CVSS7.9AI score0.04253EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder