Vulnerabilities > Openidc > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2024-24814 mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality.
network
low complexity
openidc debian fedoraproject
7.5
7.5
2023-04-03 CVE-2023-28625 Unspecified vulnerability in Openidc MOD Auth Openidc
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality.
network
low complexity
openidc
7.5
7.5
2021-07-22 CVE-2021-32785 Use of Externally-Controlled Format String vulnerability in multiple products
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider.
network
low complexity
openidc netapp debian CWE-134
7.5
7.5
2021-05-20 CVE-2021-20718 Resource Exhaustion vulnerability in multiple products
mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.
network
low complexity
openidc fedoraproject oracle CWE-400
7.5
7.5
2017-04-12 CVE-2017-6059 Improper Input Validation vulnerability in Openidc MOD Auth Openidc 1.8.10/1.8.10.1/1.8.10.2
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.
network
low complexity
openidc CWE-20
7.5
7.5
2017-03-02 CVE-2017-6413 Improper Authentication vulnerability in Openidc MOD Auth Openidc
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
network
low complexity
openidc CWE-287
8.6
8.6
2017-03-02 CVE-2017-6062 Improper Authentication vulnerability in Openidc MOD Auth Openidc 1.8.10/1.8.10.1/1.8.10.2
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
network
low complexity
openidc CWE-287
8.6
8.6