29 matches found
TencentOS Server 3: mod_auth_openidc:2.3 (TSSA-2023:0283)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0283 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CLSA-2025-1745945082 mod_auth_openidc: Fix of CVE-2023-28625
CVE-2023-28625: fix NULL pointer dereference causing segmentation fault...
Advisory ROSA-SA-2024-2362
Software: modauthopenidc 2.3.7 OS: ROSA Virtualization 2.1 packageevrstring: modauthopenidc-2.3.7-11.rv3 CVE-ID: CVE-2019-14857 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an open redirect issue in URLs with a slash at the end, similar to CVE-2019-3877 in modauthmellon. CVE-STATUS: Fixed...
Oracle Linux 8 : mod_auth_openidc:2.3 (ELSA-2023-6940)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6940 advisory. - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308...
mod_auth_openidc:2.3 security and bug fix update
cjose 0.6.1-4 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308 modauthopenidc 2.4.9.4-5 Related: rhbz2141850 - fix cjose version dependency 2.4.9.4-4 Resolves: rhbz2141850 - authopenidc.conf mode 0640 by...
RHEL 8 : mod_auth_openidc:2.3 (RHSA-2023:6940)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6940 advisory. The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an Open...
ALSA-2023:6940 Moderate: mod_auth_openidc:2.3 security and bug fix update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...
Moderate: mod_auth_openidc:2.3 security and bug fix update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...
mod_auth_openidc security and bug fix update
2.4.9.4-4 Resolves: rhbz2189268 - authopenidc.conf mode 0640 by default 2.4.9.4-3 - Resolves: rhbz2184145 - CVE-2023-28625 NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied 2.4.9.4-2 - Resolves: rhbz2153656 - CVE-2022-23527 - Open Redirect in...
RHEL 9 : mod_auth_openidc (RHSA-2023:6365)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6365 advisory. The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an Open...
ALSA-2023:6365 Moderate: mod_auth_openidc security and bug fix update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...
Moderate: mod_auth_openidc security and bug fix update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...
CVE-2023-28625 affecting package mod_auth_openidc for versions less than 2.4.14.2-1
CVE-2023-28625 affecting package modauthopenidc for versions less than 2.4.14.2-1. An upgraded version of the package is available that resolves this issue...
Fedora 38 : mod_auth_openidc (2023-b534ca7056)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b534ca7056 advisory. Rebase to 2.4.13.2 version, fix CVE-2023-28625 Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
[SECURITY] [DSA 5405-1] libapache2-mod-auth-openidc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5405-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 18, 2023 https://www.debian.org/security/faq -...
K000134597: mod_auth_openidc vulnerability CVE-2023-28625
Security Advisory Description modauthopenidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer...
SUSE: Security Advisory (SUSE-SU-2023:1837-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-3409-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3409 : libapache2-mod-auth-openidc - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3409 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3409-1 [email protected]...
[SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3409-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 30, 2023 https://wiki.debian.org/LTS -...