7.5

CVE-2017-6059

Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenidcMod Auth Openidc Version < 2.1.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.18% 0.914
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTWUMQ46GZY3O4WU4JCF333LN53R2XQH/
https://access.redhat.com/errata/RHSA-2019:2112
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/17/6
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/96299
Third Party Advisory
VDB Entry
https://github.com/pingidentity/mod_auth_openidc/commit/612e309bfffd6f9b8ad7cdccda3019fc0865f3b4
Patch
Third Party Advisory
https://github.com/pingidentity/mod_auth_openidc/issues/212
Patch
Third Party Advisory
Issue Tracking
https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.4
Patch
Third Party Advisory
Release Notes