Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache HTTP Server 授权问题漏洞
Vulnerability Description
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server中的‘OpenID Connect Relying Party和OAuth 2.0 Resource Server’(又叫mod_auth_openidc)模块2.1.5之前的版本存在授权问题漏洞,该漏洞源于在OIDCUnAuthAction pass配置中程序没有跳过OIDC_CLAIM_和OIDCAuthNHeade
CVSS Information
N/A
Vulnerability Type
N/A