CVE-2017-6413 in mod_auth_openidcthông tin

Tóm tắt

Bởi MITRE

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Đặt trước

01/03/2017

Tiết lộ

02/03/2017

Kiểm duyệt

được chấp nhận

mục

VDB-97466

CPE

sẵn sàng

CWE

CWE-287 (Đã xác nhận)

CVSS

8.6 (NVD)

EPSS

0.04253

KEV

không

Các hoạt động

rất thấp

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-6413
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-6413
CVE Details	https://www.cvedetails.com/cve/CVE-2017-6413/

◂ Trước Tổng Quan Tiếp theo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!