Date: Fri, 17 Feb 2017 21:23:19 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: OpenID Connect authentication module for Apache: CVE-2017-6059
 CVE-2017-6062

Hi

MITRE has assigned two CVEs for the OpenID Connect authentication
module for Apache (https://github.com/pingidentity/mod_auth_openidc):

CVE-2017-6059:

https://github.com/pingidentity/mod_auth_openidc/issues/212

mod_auth_openidc shows user-supplied content on error pages.

CVE-2017-6062:

https://github.com/pingidentity/mod_auth_openidc/issues/222

OIDCUnAuthAction pass does not scrub request headers

Regards,
Salvatore
