oss-sec mailing list archives
OpenID Connect authentication module for Apache: CVE-2017-6059 CVE-2017-6062
From: Salvatore Bonaccorso <carnil () debian org>
Date: Fri, 17 Feb 2017 21:23:19 +0100
Hi MITRE has assigned two CVEs for the OpenID Connect authentication module for Apache (https://github.com/pingidentity/mod_auth_openidc): CVE-2017-6059: https://github.com/pingidentity/mod_auth_openidc/issues/212 mod_auth_openidc showss user-supplied content on error pages. CVE-2017-6062: https://github.com/pingidentity/mod_auth_openidc/issues/222 OIDCUnAuthAction pass does not scrub request headers Regards, Salvatore
Current thread:
- OpenID Connect authentication module for Apache: CVE-2017-6059 CVE-2017-6062 Salvatore Bonaccorso (Feb 17)