Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openidc mod auth openidc vulnerabilities and exploits
(subscribe to this query)
8.6
CVSSv3
CVE-2017-6413
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module prior to 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote malicious...
Openidc Mod Auth Openidc
8.6
CVSSv3
CVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module prior to 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote mali...
Openidc Mod Auth Openidc
7.5
CVSSv3
CVE-2023-28625
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 up to and including 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL point...
Openidc Mod Auth Openidc
7.5
CVSSv3
CVE-2021-32785
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions before 2.4.9 are configured to use an unencrypted R...
Openidc Mod Auth Openidc
Netapp Cloud Backup -
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2021-20718
mod_auth_openidc 2.4.0 to 2.4.7 allows a remote malicious user to cause a denial-of-service (DoS) condition via unspecified vectors.
Openidc Mod Auth Openidc
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Oracle Essbase
7.5
CVSSv3
CVE-2017-6059
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) prior to 2.14 allows remote malicious users to spoof page content via a malicious URL provided to the user, which triggers an invalid request.
Openidc Mod Auth Openidc
6.1
CVSSv3
CVE-2022-23527
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions before 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url(...
Openidc Mod Auth Openidc
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions before 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openi...
Openidc Mod Auth Openidc
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2021-32792
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when us...
Openidc Mod Auth Openidc
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.1
CVSSv3
CVE-2021-32786
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions before 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the s...
Openidc Mod Auth Openidc
Fedoraproject Fedora 33
Fedoraproject Fedora 34
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »