Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache HTTP Server 安全漏洞
Vulnerability Description
Apache HTTP Server是美国阿帕奇(Apache)软件基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server中的‘OpenID Connect Relying Party和OAuth 2.0 Resource Server’(又叫mod_auth_openidc)模块2.1.6之前的版本中存在安全漏洞。远程攻击者可利用该漏洞绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A