Описание
ELSA-2025-9396: mod_auth_openidc security update (IMPORTANT)
[2.4.10-1.el9_6.2] Resolves: RHEL-95948 - mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled (CVE-2025-3891)
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
mod_auth_openidc
2.4.10-1.el9_6.2
Oracle Linux x86_64
mod_auth_openidc
2.4.10-1.el9_6.2
Связанные CVE
Связанные уязвимости
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
A flaw was found in the mod_auth_openidc module for Apache httpd. This ...
