Lucene search
K

85 matches found

OSV
OSV
added 2021/07/22 10:15 p.m.3 views

UBUNTU-CVE-2021-32786

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, oidcvalidateredirecturl does not parse URLs the same way as most browsers...

6.1CVSS6.5AI score0.02364EPSS
Exploits1References6
OSV
OSV
added 2021/06/10 7:15 a.m.5 views

AZL-6475 CVE-2020-35452 affecting package httpd for versions less than 2.4.46-10

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

7.3CVSS7AI score0.53191EPSS
Exploits0References1
OSV
OSV
added 2021/06/10 7:15 a.m.4 views

DEBIAN-CVE-2020-35452

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

7.3CVSS7AI score0.53191EPSS
Exploits0References1
OSV
OSV
added 2021/06/10 7:15 a.m.6 views

UBUNTU-CVE-2020-35452

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

7.3CVSS7AI score0.53191EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2021/06/10 12:0 a.m.4 views

PT-2021-6452 · Unknown +5 · Mod Auth Openidc +5

Name of the Vulnerable Software and Affected Versions: mod auth openidc versions prior to 2.4.9 Description: The issue is related to the AES GCM encryption in mod auth openidc, which uses a static IV and AAD. This creates a static nonce and can lead to known cryptographic issues since the same ke...

7.5CVSS6.3AI score0.02731EPSS
Exploits2References83
OSV
OSV
added 2021/05/20 2:15 a.m.4 views

UBUNTU-CVE-2021-20718

modauthopenidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service DoS condition via unspecified vectors...

7.5CVSS7.2AI score0.03395EPSS
Exploits0References5
OSV
OSV
added 2020/10/22 12:47 p.m.9 views

USN-4597-1 libapache2-mod-auth-mellon vulnerabilities

François Kooman discovered that modauthmellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfer attack. CVE-2017-6807 It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to...

8.1CVSS6.8AI score0.02969EPSS
Exploits1References4
OSV
OSV
added 2020/02/20 6:15 a.m.2 views

DEBIAN-CVE-2019-20479

A flaw was found in modauthopenidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning...

6.1CVSS6.5AI score0.01893EPSS
Exploits0References1
OSV
OSV
added 2019/11/26 12:15 p.m.3 views

UBUNTU-CVE-2019-14857

A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon...

6.1CVSS6.5AI score0.01535EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/11/20 4:8 p.m.3 views

httpd: mod_auth_digest: access control bypass due to race condition

A race condition was found in modauthdigest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

7.5CVSS7.1AI score0.17666EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2019/07/19 12:0 a.m.4 views

PT-2019-11526 · Zmartzone Iam · Mod Auth Openidc

Name of the Vulnerable Software and Affected Versions: ZmartZone IAM mod auth openidc versions 2.3.10.1 and earlier Description: The issue affects the ZmartZone IAM mod auth openidc, allowing for Cross Site Scripting XSS attacks. This can lead to redirecting the user to a phishing page or...

6.1CVSS6.2AI score0.01893EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2019/06/20 12:0 a.m.4 views

PT-2019-5693 · Apache +3 · Mod Auth Mellon +4

Name of the Vulnerable Software and Affected Versions: mod auth mellon versions 0.14.2 and earlier Description: The issue is related to an Open Redirect via the login?ReturnTo= substring. This can be exploited by omitting the // after http: in the target URL, allowing a remote attacker to redirec...

6.4CVSS6.5AI score0.01423EPSS
Exploits0References36
OSV
OSV
added 2019/03/21 12:0 a.m.5 views

UBUNTU-CVE-2019-3878

A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS7.2AI score0.02969EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2017/11/16 7:10 p.m.4 views

httpd: Uninitialized memory reflection in mod_auth_digest

It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...

9.1CVSS7.4AI score0.5677EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2017/11/13 5:35 p.m.4 views

httpd: Uninitialized memory reflection in mod_auth_digest

It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...

9.1CVSS7.4AI score0.5677EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2017/08/10 12:0 a.m.5 views

The vulnerability of the mod_auth_digest module in the Apache HTTP Server allows a hacker to cause the server to terminate abnormally.

The vulnerability of the modauthdigest module in the Apache HTTP Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause the server to terminate abnormally. Each instance of the server will continue to terminate abnormally eve...

5CVSS7.2AI score0.20952EPSS
Exploits0References7
OSV
OSV
added 2017/07/27 9:29 p.m.3 views

DEBIAN-CVE-2016-2161

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to modauthdigest can cause the server to crash, and each instance continues to crash even for subsequently valid requests...

7.5CVSS7AI score0.20952EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/04/12 12:24 p.m.7 views

httpd: DoS vulnerability in mod_auth_digest

It was discovered that the modauthdigest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication...

7.5CVSS7.2AI score0.20952EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2017/04/12 12:0 a.m.3 views

PT-2017-16869 · Ping Identity +2 · Mod Auth Openidc +2

Name of the Vulnerable Software and Affected Versions: mod auth openidc versions prior to 2.14 Description: The issue allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request. This occurs due to a flaw in the Mod auth openidc.c...

8.6CVSS6.6AI score0.05177EPSS
Exploits0References25
OSV
OSV
added 2017/03/13 2:59 p.m.1 views

DEBIAN-CVE-2017-6807

modauthmellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site...

6.1CVSS6.6AI score0.01068EPSS
Exploits0References1
Rows per page
Query Builder