Date: Fri, 17 Feb 2017 21:23:19 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: OpenID Connect authentication module for Apache: CVE-2017-6059 CVE-2017-6062 Hi MITRE has assigned two CVEs for the OpenID Connect authentication module for Apache (https://github.com/pingidentity/mod_auth_openidc): CVE-2017-6059: https://github.com/pingidentity/mod_auth_openidc/issues/212 mod_auth_openidc showss user-supplied content on error pages. CVE-2017-6062: https://github.com/pingidentity/mod_auth_openidc/issues/222 OIDCUnAuthAction pass does not scrub request headers Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ