VYPR

rpm package

suse/apache2-mod_auth_openidc&distro=SUSE Linux Enterprise Server 12 SP4-ESPOS

pkg:rpm/suse/apache2-mod_auth_openidc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS

Vulnerabilities (2)

  • CVE-2023-28625HigApr 3, 2023
    affected < 2.4.0-7.9.1fixed 2.4.0-7.9.1

    mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereferen

  • CVE-2022-23527MedDec 14, 2022
    affected < 2.4.0-7.9.1fixed 2.4.0-7.9.1

    mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() do