Описание
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libapache2-mod-auth-openidc | fixed | 2.1.5-1 | package | |
| libapache2-mod-auth-openidc | no-dsa | jessie | package |
Примечания
https://github.com/pingidentity/mod_auth_openidc/issues/212
EPSS
Связанные уязвимости
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.
ELSA-2019-2112: mod_auth_openidc security update (MODERATE)
EPSS