VYPR

mod_auth_openidc

by Apache HTTP Server

CVEs (1)

  • CVE-2017-6062HigMar 2, 2017
    risk 0.56cvss 8.6epss 0.04

    The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass…