Количество 12
Количество 12
CVE-2023-28625
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.
CVE-2023-28625
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.
CVE-2023-28625
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.
CVE-2023-28625
mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied
CVE-2023-28625
mod_auth_openidc is an authentication and authorization module for the ...
SUSE-SU-2023:1849-1
Security update for apache2-mod_auth_openidc
BDU:2024-06538
Уязвимость модуля аутентификации и авторизации для Apache 2.x HTTP server Mod_auth_openidc, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2023:1837-1
Security update for apache2-mod_auth_openidc
ROS-20240815-09
Уязвимость mod_auth_openidc
ELSA-2023-6940
ELSA-2023-6940: mod_auth_openidc:2.3 security and bug fix update (MODERATE)
ELSA-2023-6365
ELSA-2023-6365: mod_auth_openidc security and bug fix update (MODERATE)
SUSE-SU-2025:4532-1
Security update for apache2-mod_auth_openidc
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-28625 mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`. | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
 | CVE-2023-28625 mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`. | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
 | CVE-2023-28625 mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`. | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
 | CVE-2023-28625 mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| CVE-2023-28625 mod_auth_openidc is an authentication and authorization module for the ... | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
 | SUSE-SU-2023:1849-1 Security update for apache2-mod_auth_openidc | 0% Низкий | почти 3 года назад | |
 | BDU:2024-06538 Уязвимость модуля аутентификации и авторизации для Apache 2.x HTTP server Mod_auth_openidc, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
| SUSE-SU-2023:1837-1 Security update for apache2-mod_auth_openidc | почти 3 года назад | ||
 | ROS-20240815-09 Уязвимость mod_auth_openidc | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| ELSA-2023-6940 ELSA-2023-6940: mod_auth_openidc:2.3 security and bug fix update (MODERATE) | около 2 лет назад | ||
| ELSA-2023-6365 ELSA-2023-6365: mod_auth_openidc security and bug fix update (MODERATE) | около 2 лет назад | ||
| SUSE-SU-2025:4532-1 Security update for apache2-mod_auth_openidc | 20 дней назад |
Уязвимостей на страницу