Lucene search
+L

115 matches found

Veracode
Veracode
added 2024/04/22 11:32 a.m.10 views

Denial Of Service (DoS)

libapache2-mod-auth-openidc is vulnerable to Denial Of Service DoS. The vulnerability is due to missing input validation on the modauthopenidcsessionchunks cookie value and the server struggling with requests for a long time and eventually returning a 500 error when the value of the cookie is...

7.5CVSS6.6AI score0.01261EPSS
Exploits1References5Affected Software1
Mageia
Mageia
added 2024/03/22 12:19 a.m.47 views

Updated apache-mod_auth_openidc packages fix security vulnerability

Missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to DoS attack. CVE-2024-24814...

7.5CVSS6.9AI score0.01261EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2024/03/06 12:0 a.m.21 views

Debian: Security Advisory (DLA-3751-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01261EPSS
Exploits1References2
Debian
Debian
added 2024/03/05 6:16 p.m.25 views

[SECURITY] [DLA 3751-1] libapache2-mod-auth-openidc security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3751-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb March 05, 2024 https://wiki.debian.org/LTS -...

7.5CVSS7.4AI score0.01261EPSS
Exploits1
OSV
OSV
added 2024/03/05 9:26 a.m.4 views

SUSE-SU-2024:0758-1 Security update for apache2-mod_auth_openidc

This update for apache2-modauthopenidc fixes the following issues: - CVE-2024-24814: Fixed a denial of service when using OIDCSessionType client-cookie and manipulating cookies bsc1219911...

7.5CVSS7.3AI score0.01261EPSS
Exploits1References3
OSV
OSV
added 2024/03/05 12:0 a.m.18 views

DLA-3751-1 libapache2-mod-auth-openidc - security update

Bulletin has no description...

7.5CVSS7.5AI score0.01261EPSS
Exploits1
OSV
OSV
added 2024/02/23 11:7 a.m.5 views

OESA-2024-1194 mod_auth_openidc security update

This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying...

7.5CVSS7AI score0.01261EPSS
Exploits1References2
OSV
OSV
added 2024/02/13 7:15 p.m.7 views

AZL-42520 CVE-2024-24814 affecting package mod_auth_openidc 2.4.14.2-1

modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to a...

7.5CVSS6.5AI score0.01261EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/02/13 6:46 p.m.4 views

CVE-2024-24814 Denial of service when manipulating mod_auth_openidc_session_chunks cookie in mod_auth_openidc

modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to a...

7.5CVSS7.5AI score0.01261EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.23 views

Fedora 39 : cjose (2023-d5f23da04a)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-d5f23da04a advisory. Security fix for CVE-2023-37464 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

8.6CVSS7.5AI score0.0071EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/08/09 12:0 a.m.30 views

Debian DSA-5472-1 : cjose - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5472 advisory. It was discovered that an incorrect implementation of AES GCM decryption in cjose, a C library implementing the JOSE standard, may allow an attacker to provide a...

8.6CVSS7.3AI score0.0071EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2023/08/08 12:0 a.m.17 views

Rocky Linux 8 : mod_auth_openidc:2.3 (RLSA-2023:4418)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4418 advisory. - OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length fro...

8.6CVSS7.5AI score0.0071EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/08/04 12:0 a.m.18 views

Debian dla-3515 : libcjose-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3515 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3515-1 [email protected] https://www.debian.org/lts/security/...

8.6CVSS7.3AI score0.0071EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.19 views

Oracle Linux 8 : mod_auth_openidc:2.3 (ELSA-2023-4418)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4418 advisory. - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308 modauthopenidc Tenab...

8.6CVSS7.5AI score0.0071EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/07/19 12:0 a.m.27 views

Debian: Security Advisory (DLA-3499-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.5AI score0.0175EPSS
Exploits1References4
OSV
OSV
added 2023/07/19 12:0 a.m.35 views

DLA-3499-1 libapache2-mod-auth-openidc - security update

Bulletin has no description...

6.1CVSS5.7AI score0.0175EPSS
Exploits1
Debian
Debian
added 2023/07/18 10:51 p.m.29 views

[SECURITY] [DLA 3499-1] libapache2-mod-auth-openidc security update

Debian LTS Advisory DLA-3499-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 19, 2023 https://wiki.debian.org/LTS Package : libapache2-mod-auth-openidc Version : 2.3.10.2-1+deb10u3 CVE ID : CVE-2021-39191 CVE-2022-23527 Debian Bug : 993648 1026444 Open...

6.1CVSS6.6AI score0.0175EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/07/18 1:55 a.m.6 views

SUSE CVE-2023-37464

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

8.6CVSS6.9AI score0.0071EPSS
Exploits1References5
NVD
NVD
added 2023/07/14 9:15 p.m.17 views

CVE-2023-37464

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

8.6CVSS0.0071EPSS
Exploits1References9
OSV
OSV
added 2023/07/14 9:15 p.m.12 views

AZL-27659 CVE-2023-37464 affecting package cjose 0.6.1-6

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

7.5CVSS7.1AI score0.0071EPSS
Exploits1References1
Rows per page
Query Builder