VYPR

rpm package

suse/apache2-mod_auth_openidc&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

pkg:rpm/suse/apache2-mod_auth_openidc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Vulnerabilities (4)

  • CVE-2025-3891HigApr 29, 2025
    affected < 2.3.8-150100.3.34.1fixed 2.3.8-150100.3.34.1

    A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availab

  • CVE-2025-31492HigApr 6, 2025
    affected < 2.3.8-150100.3.31.1fixed 2.3.8-150100.3.31.1

    mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthentic

  • CVE-2024-24814HigFeb 13, 2024
    affected < 2.3.8-150100.3.28.1fixed 2.3.8-150100.3.28.1

    mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the

  • CVE-2023-28625HigApr 3, 2023
    affected < 2.3.8-150100.3.25.1fixed 2.3.8-150100.3.25.1

    mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereferen