Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-28625

Опубликовано: 03 апр. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 7.5

Описание

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using OIDCStripCookies.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

2.4.12.3-2
esm-apps/bionic

needed

esm-apps/focal

needed

esm-apps/jammy

needed

esm-apps/noble

not-affected

2.4.12.3-2
esm-apps/xenial

not-affected

code not present
focal

ignored

end of standard support, was needed
jammy

needed

kinetic

ignored

end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 25%
0.00085
Низкий

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-28625

CVSS3: 7.5
redhat
почти 3 года назад

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.

nvd логотип

CVE-2023-28625

CVSS3: 7.5
nvd
почти 3 года назад

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.

msrc логотип

CVE-2023-28625

CVSS3: 7.5
msrc
больше 2 лет назад

mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied

debian логотип

CVE-2023-28625

CVSS3: 7.5
debian
почти 3 года назад

mod_auth_openidc is an authentication and authorization module for the ...

suse-cvrf логотип

SUSE-SU-2023:1849-1

suse-cvrf
почти 3 года назад

Security update for apache2-mod_auth_openidc

EPSS

Процентиль: 25%
0.00085
Низкий

7.5 High

CVSS3