9 matches found
mod_auth_openidc: DoS when using `OIDCSessionType client-cookie` and manipulating cookies
A flaw was found in modauthopenidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. Missing input validation in the modauthopenidcsessionchunks cookie value can make the server vulnerable to a denial of service attack. This issue may allow a remote attacke...
SUSE CVE-2024-24814
modauthopenidc is an OpenID Certifiedtm authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to a...
OESA-2024-1193 mod_auth_openidc security update
This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying...
OESA-2024-1194 mod_auth_openidc security update
This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying...
OESA-2024-1191 mod_auth_openidc security update
This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying...
AZL-42537 CVE-2024-24814 affecting package mod_auth_openidc 2.4.14.2-2
modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to a...
DEBIAN-CVE-2024-24814
modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to a...
AZL-42520 CVE-2024-24814 affecting package mod_auth_openidc 2.4.14.2-1
modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on modauthopenidcsessionchunks cookie value makes the server vulnerable to a...
mod_auth_openidc security vulnerability
modauthopenidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server, used as an OpenID Connect dependency to authenticate users against the OpenID Connect provider. A security vulnerability exists in modauthopenidc versions 2.0.0 through 2.4.15.1,...