Описание
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | mod_auth_openidc | Fix deferred | ||
| Red Hat Enterprise Linux 7 | mod_auth_openidc | Not affected | ||
| Red Hat Enterprise Linux 8 | mod_auth_openidc | Fixed | RHSA-2025:4597 | 06.05.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | mod_auth_openidc | Fixed | RHSA-2025:10006 | 01.07.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | mod_auth_openidc | Fixed | RHSA-2025:10004 | 01.07.2025 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | mod_auth_openidc | Fixed | RHSA-2025:10003 | 01.07.2025 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | mod_auth_openidc | Fixed | RHSA-2025:10003 | 01.07.2025 |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | mod_auth_openidc | Fixed | RHSA-2025:10003 | 01.07.2025 |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | mod_auth_openidc | Fixed | RHSA-2025:10010 | 01.07.2025 |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | mod_auth_openidc | Fixed | RHSA-2025:10010 | 01.07.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
A flaw was found in the mod_auth_openidc module for Apache httpd. This ...
EPSS
7.5 High
CVSS3