12 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-6413
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The OpenID Connect Relying Party and OAuth 2.0 Resource Server (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and...
Fedora 30 : mod_auth_openidc (2019-7b06f18a10)
Upgrade to latest upstream which fixes some CVEs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
Fedora 29 : mod_auth_openidc (2019-23638d42f3)
Upgrade to latest upstream which fixes some CVEs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
Amazon Linux 2 : mod_auth_openidc (ALAS-2019-1329)
A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs. (CVE-2017-6059) It was found that mod_auth_openidc did not properly sanitize HT...
Medium: mod_auth_openidc
Issue Overview: A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs. (CVE-2017-6059) It was found that mod_auth_openidc did not...
Medium: mod24_auth_openidc
Issue Overview: A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs. (CVE-2017-6059) It was found that mod_auth_openidc did not...
CentOS 7 : mod_auth_openidc (CESA-2019:2112)
An update for mod_auth_openidc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Scientific Linux Security Update : mod_auth_openidc on SL7.x x86_64 (20190806)
Security Fixes: - mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an 'AuthType oauth20' configuration (CVE-2017-6413) - mod_auth_openidc: Shows user-supplied content on error pages (CVE-2017-6059) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux...
mod_auth_openidc security update
1.8.8-5 - Resolves: rhbz1626297 - CVE-2017-6413 mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an 'AuthType oauth20' configuration rhel-7 1.8.8-4 - Resolves: rhbz1626299 - CVE-2017-6059 mod_auth_openidc: Shows user-supplied content on error pages rhel-7...
RHEL 7 : mod_auth_openidc (RHSA-2019:2112)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2112 advisory. mod_auth_openidc enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security...
Moderate: Red Hat Security Advisory: mod_auth_openidc security update
An update for mod_auth_openidc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
CVE-2017-6413
The vulnerability CVE-2017-6413 affects the OpenID Connect Relying Party and OAuth 2.0 Resource Server component (mod_auth_openidc) for Apache HTTP Server, where versions prior to 2.1.6 do not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an AuthType oauth20 configuration. This allows remote at...