115 matches found
Denial Of Service (DoS)
libapache2-mod-auth-openidc is vulnerable to Denial Of Service DoS. The vulnerability is due to missing input validation on the modauthopenidcsessionchunks cookie value and the server struggling with requests for a long time and eventually returning a 500 error when the value of the cookie is...
Updated apache-mod_auth_openidc packages fix security vulnerability
Missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to DoS attack. CVE-2024-24814...
Debian: Security Advisory (DLA-3751-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3751-1] libapache2-mod-auth-openidc security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3751-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb March 05, 2024 https://wiki.debian.org/LTS -...
SUSE-SU-2024:0758-1 Security update for apache2-mod_auth_openidc
This update for apache2-modauthopenidc fixes the following issues: - CVE-2024-24814: Fixed a denial of service when using OIDCSessionType client-cookie and manipulating cookies bsc1219911...
DLA-3751-1 libapache2-mod-auth-openidc - security update
Bulletin has no description...
OESA-2024-1194 mod_auth_openidc security update
This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying...
AZL-42520 CVE-2024-24814 affecting package mod_auth_openidc 2.4.14.2-1
modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to a...
CVE-2024-24814 Denial of service when manipulating mod_auth_openidc_session_chunks cookie in mod_auth_openidc
modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to a...
Fedora 39 : cjose (2023-d5f23da04a)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-d5f23da04a advisory. Security fix for CVE-2023-37464 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Debian DSA-5472-1 : cjose - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5472 advisory. It was discovered that an incorrect implementation of AES GCM decryption in cjose, a C library implementing the JOSE standard, may allow an attacker to provide a...
Rocky Linux 8 : mod_auth_openidc:2.3 (RLSA-2023:4418)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4418 advisory. - OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length fro...
Debian dla-3515 : libcjose-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3515 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3515-1 [email protected] https://www.debian.org/lts/security/...
Oracle Linux 8 : mod_auth_openidc:2.3 (ELSA-2023-4418)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4418 advisory. - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308 modauthopenidc Tenab...
Debian: Security Advisory (DLA-3499-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DLA-3499-1 libapache2-mod-auth-openidc - security update
Bulletin has no description...
[SECURITY] [DLA 3499-1] libapache2-mod-auth-openidc security update
Debian LTS Advisory DLA-3499-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 19, 2023 https://wiki.debian.org/LTS Package : libapache2-mod-auth-openidc Version : 2.3.10.2-1+deb10u3 CVE ID : CVE-2021-39191 CVE-2022-23527 Debian Bug : 993648 1026444 Open...
SUSE CVE-2023-37464
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...
CVE-2023-37464
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...
AZL-27659 CVE-2023-37464 affecting package cjose 0.6.1-6
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...