INFSA-2025:4597: mod_auth_openidc:2.3 security update
Information about definition
Identificator: INFSA-2025:4597
Type: security
Release date: 2025-06-09 06:06:33 UTC
Information about package
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Vulnerabilities description
- CVE-2025-3891
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-3891
|
no information | 5.3 | no information |
Updated packages