Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : mod_auth_openidc:2.3 (AXSA:2023-7316:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7316:01 advisory. modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character CVE-2022-23527 modauthopenidc: NULL pointer dereference when...

7.5CVSS5.6AI score0.01327EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/08/27 12:0 a.m.5 views

The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Mod_auth_openidc, allows a perpetrator to cause a service denial.

The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Modauthopenidc, is related to the installation of OIDCStripCookies and the provision of a created cookie file. After that, the NULL pointer is reassigned, resulting in a segmentation error. Exploiting...

7.8CVSS6.6AI score0.01327EPSS
Exploits0References10Affected Software6
RedHat Linux
RedHat Linux
added 2023/11/14 3:51 p.m.6 views

mod_auth_openidc: NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied

A flaw was found in modauthopenidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. It is possible to trigger a NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, leading to a segmentation fault and a denial of...

7.5CVSS5.7AI score0.01327EPSS
Exploits0References5
OSV
OSV
added 2023/04/21 11:5 a.m.3 views

OESA-2023-1236 mod_auth_openidc security update

This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to...

7.5CVSS7.1AI score0.01327EPSS
Exploits0References3
OSV
OSV
added 2023/04/03 2:15 p.m.1 views

DEBIAN-CVE-2023-28625

modauthopenidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...

7.5CVSS6.3AI score0.01327EPSS
Exploits0References1
OSV
OSV
added 2023/04/03 2:15 p.m.5 views

UBUNTU-CVE-2023-28625

modauthopenidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...

7.5CVSS6.7AI score0.01327EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/04/03 12:0 a.m.4 views

PT-2023-9329 · Apache +5 · Apache Http Server +5

Name of the Vulnerable Software and Affected Versions: mod auth openidc versions 2.0.0 through 2.4.13.1 Description: The issue is related to the mod auth openidc module for the Apache 2.x HTTP server, which implements OpenID Connect Relying Party functionality. When OIDCStripCookies is set and a...

7.8CVSS6.3AI score0.02731EPSS
Exploits1References65
Rows per page
Query Builder