INFSA-2025:9396: mod_auth_openidc security update
Information about definition
Identificator: INFSA-2025:9396
Type: security
Release date: 2025-07-07 18:15:06 UTC
Information about package
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Vulnerabilities description
- CVE-2025-3891
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-3891
|
no information | 7.5 | no information |
Updated packages