Lucene search

K
OpenidcMod Auth Openidc

5 matches found

CVE
CVE
added 2021/07/22 10:15 p.m.235 views

CVE-2021-32785

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (OIDCC...

7.5CVSS6.4AI score0.00159EPSS
CVE
CVE
added 2023/04/03 2:15 p.m.197 views

CVE-2023-28625

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur, resul...

7.5CVSS7.5AI score0.00103EPSS
CVE
CVE
added 2021/05/20 2:15 a.m.127 views

CVE-2021-20718

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.

7.5CVSS7.2AI score0.0306EPSS
CVE
CVE
added 2024/02/13 7:15 p.m.92 views

CVE-2024-24814

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable t...

7.5CVSS7.4AI score0.00205EPSS
CVE
CVE
added 2017/04/12 8:59 p.m.57 views

CVE-2017-6059

Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.

7.5CVSS7.4AI score0.0201EPSS