rpm package
suse/apache2-mod_auth_openidc&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
pkg:rpm/suse/apache2-mod_auth_openidc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-3891 | Hig | 7.5 | < 2.3.8-150100.3.34.1 | 2.3.8-150100.3.34.1 | Apr 29, 2025 | A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availab | |
| CVE-2025-31492 | Hig | — | < 2.3.8-150100.3.31.1 | 2.3.8-150100.3.31.1 | Apr 6, 2025 | mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthentic | |
| CVE-2024-24814 | Hig | 7.5 | < 2.3.8-150100.3.28.1 | 2.3.8-150100.3.28.1 | Feb 13, 2024 | mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the |
- affected < 2.3.8-150100.3.34.1fixed 2.3.8-150100.3.34.1
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availab
- affected < 2.3.8-150100.3.31.1fixed 2.3.8-150100.3.31.1
mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthentic
- affected < 2.3.8-150100.3.28.1fixed 2.3.8-150100.3.28.1
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the