Описание
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 2.3.3-1build1 |
| cosmic | not-affected | 2.3.3-1build1 |
| devel | not-affected | 2.3.3-1build1 |
| disco | not-affected | 2.3.3-1build1 |
| eoan | not-affected | 2.3.3-1build1 |
| esm-apps/bionic | not-affected | 2.3.3-1build1 |
| esm-apps/focal | not-affected | 2.3.3-1build1 |
| esm-apps/jammy | not-affected | 2.3.3-1build1 |
| esm-apps/noble | not-affected | 2.3.3-1build1 |
Показывать по
5 Medium
CVSS2
8.6 High
CVSS3
Связанные уязвимости
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
5 Medium
CVSS2
8.6 High
CVSS3