The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-03-02T06:00:00
Updated: 2019-10-26T20:06:12
Reserved: 2017-02-17T00:00:00
Link: CVE-2017-6062
JSON object: View
NVD Information
Status : Modified
Published: 2017-03-02T06:59:00.230
Modified: 2023-11-07T02:49:49.347
Link: CVE-2017-6062
JSON object: View
Redhat Information
No data.
CWE