CVE-2019-20479
- EPSS 0.47%
- Veröffentlicht 20.02.2020 06:15:11
- Zuletzt bearbeitet 21.11.2024 04:38:34
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
CVE-2019-14857
- EPSS 0.81%
- Veröffentlicht 26.11.2019 12:15:10
- Zuletzt bearbeitet 21.11.2024 04:27:30
A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.
CVE-2019-1010247
- EPSS 0.36%
- Veröffentlicht 19.07.2019 15:15:12
- Zuletzt bearbeitet 21.11.2024 04:18:05
ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_ope...
CVE-2017-6059
- EPSS 2.01%
- Veröffentlicht 12.04.2017 20:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.
CVE-2017-6413
- EPSS 0.41%
- Veröffentlicht 02.03.2017 06:59:01
- Zuletzt bearbeitet 20.04.2025 01:37:25
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote a...
CVE-2017-6062
- EPSS 0.41%
- Veröffentlicht 02.03.2017 06:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows rem...