oval:org.secpod.oval:def:117232
This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

oval:org.secpod.oval:def:117223
This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

oval:org.secpod.oval:def:1601057
A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs. It was found that mod_auth_openidc did not properly sanitize HTTP headers f ...

oval:org.secpod.oval:def:1504121
[1.8.8-5] - Resolves: rhbz#1626297 - CVE-2017-6413 mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an "AuthType oauth20" configuration [rhel-7]
[1.8.8-4] - Resolves: rhbz#1626299 - CVE-2017-6059 mod_auth_openidc: Shows user-supplied content on error pages [rhel-7]

oval:org.secpod.oval:def:503268
mod_auth_openidc enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fix:
* mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an "AuthType oauth20" configuration
* mod_auth_openidc: Shows user-supplied con ...

oval:org.secpod.oval:def:1700235
A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs. It was found that mod_auth_openidc did not properly sanitize HTTP headers fo ...

oval:org.secpod.oval:def:205351
mod_auth_openidc enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fix:
* mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an "AuthType oauth20" configuration
* mod_auth_openidc: Shows user-supplied con ...