7 matches found
MiracleLinux 8 : mod_auth_openidc:2.3 (AXSA:2023-7316:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7316:01 advisory. modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character CVE-2022-23527 modauthopenidc: NULL pointer dereference when...
The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Mod_auth_openidc, allows a perpetrator to cause a service denial.
The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Modauthopenidc, is related to the installation of OIDCStripCookies and the provision of a created cookie file. After that, the NULL pointer is reassigned, resulting in a segmentation error. Exploiting...
mod_auth_openidc: NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied
A flaw was found in modauthopenidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. It is possible to trigger a NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, leading to a segmentation fault and a denial of...
OESA-2023-1236 mod_auth_openidc security update
This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to...
DEBIAN-CVE-2023-28625
modauthopenidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...
UBUNTU-CVE-2023-28625
modauthopenidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...
PT-2023-9329 · Apache +5 · Apache Http Server +5
Name of the Vulnerable Software and Affected Versions: mod auth openidc versions 2.0.0 through 2.4.13.1 Description: The issue is related to the mod auth openidc module for the Apache 2.x HTTP server, which implements OpenID Connect Relying Party functionality. When OIDCStripCookies is set and a...