6 matches found
Debian DLA-2298-1 : libapache2-mod-auth-openidc security update
Several issues have been found in libapache2-mod-auth-openidc, the OpenID Connect authentication module for the Apache HTTP server. CVE-2019-14857 Insufficient validation of URLs leads to an Open Redirect vulnerability. An attacker may trick a victim into providing credentials for an OpenID...
Debian: Security Advisory (DLA-2298-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1894-1] libapache2-mod-auth-openidc security
Package : libapache2-mod-auth-openidc Version : 1.6.0-1+deb8u1 CVE ID : CVE-2019-1010247 Compass Security Schweiz AG discovered an issue in libapache2-mod-auth-openidc, an OpenID Connect authentication module for Apache. The OIDCRedirectURI page contains generated JavaScript code that uses a poll...
UBUNTU-CVE-2019-1010247
ZmartZone IAM modauthopenidc 2.3.10.1 and earlier is affected by: Cross Site Scripting XSS. The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/modauthopenidc.c, Line: 3109. The fixed version is: 2.3.10.2...
CVE-2019-1010247
ZmartZone IAM modauthopenidc 2.3.10.1 and earlier is affected by: Cross Site Scripting XSS. The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/modauthopenidc.c, Line: 3109. The fixed version is: 2.3.10.2...
CVE-2019-1010247
CVE-2019-1010247 – affected software and impact : ZmartZone IAM mod_auth_openidc (Apache module) versions 2.3.10.1 and earlier contain an XSS flaw in the OIDCRedirectURI page, where generated JavaScript uses a poll parameter as a string variable; this can lead to Criss-Site Scripting (XSS) and ma...