Download
| Alert*
oval:org.secpod.oval:def:508030
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fix: mod_auth_openidc: Open Redirect in oidc_validate_redirect_url using tab character mo ... oval:org.secpod.oval:def:2600436 The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. oval:org.secpod.oval:def:93340 It was discovered that missing input sanitising in the implementation of the OIDCStripCookie option in mod_auth_openidc could result in denial of service. oval:org.secpod.oval:def:2501251 The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. oval:org.secpod.oval:def:610573 It was discovered that missing input sanitising in the implementation of the OIDCStripCookie option in mod_auth_openidc could result in denial of service. oval:org.secpod.oval:def:89048704 This update for apache2-mod_auth_openidc fixes the following issues: * CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied . oval:org.secpod.oval:def:89572 The host is installed with Apache HTTP Server 2.0.0 through 2.4.13.2 and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle issues in mod_auth_openidc is an authentication and authorization module. Successful exploitation could ... oval:org.secpod.oval:def:508193 The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fix: mod_auth_openidc: Open Redirect in oidc_validate_redirect_url using tab character mo ... oval:org.secpod.oval:def:89048796 This update for apache2-mod_auth_openidc fixes the following issues: * CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url using tab character . * CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied . oval:org.secpod.oval:def:125780 This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. |