The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-03-02T06:00:00
Updated: 2019-10-26T20:06:11
Reserved: 2017-03-01T00:00:00
Link: CVE-2017-6413
JSON object: View
NVD Information
Status : Modified
Published: 2017-03-02T06:59:01.217
Modified: 2023-11-07T02:49:54.860
Link: CVE-2017-6413
JSON object: View
Redhat Information
No data.
CWE