INFSA-2024:9180: mod_auth_openidc security update
Information about definition
Identificator: INFSA-2024:9180
Type: security
Release date: 2024-12-13 12:06:19 UTC
Information about package
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Vulnerabilities description
- CVE-2024-24814
A flaw was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. Missing input validation in the mod_auth_openidc_session_chunks cookie value can make the server vulnerable to a denial of service attack. This issue may allow a remote attacker to craft a request that causes the application or system to slow down or crash due to unhandled errors.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-24814
|
no information | 7.5 | no information |
Updated packages