Vulnerabilities > Openidc > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2024-24814 mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality.
network
low complexity
openidc debian fedoraproject
7.5
7.5
2023-04-03 CVE-2023-28625 Unspecified vulnerability in Openidc MOD Auth Openidc
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality.
network
low complexity
openidc
7.5
7.5
2021-07-22 CVE-2021-32785 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider.
network
low complexity
openidc netapp debian
7.5
7.5
2021-05-20 CVE-2021-20718 Resource Exhaustion vulnerability in multiple products
mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.
network
low complexity
openidc fedoraproject oracle CWE-400
7.5
7.5
2017-04-12 CVE-2017-6059 Improper Input Validation vulnerability in Openidc MOD Auth Openidc
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.
network
low complexity
openidc CWE-20
7.5
7.5
2017-03-02 CVE-2017-6413 Improper Authentication vulnerability in Openidc MOD Auth Openidc
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
network
low complexity
openidc CWE-287
8.6
8.6
2017-03-02 CVE-2017-6062 Improper Authentication vulnerability in Openidc MOD Auth Openidc
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
network
low complexity
openidc CWE-287
8.6
8.6