CVE-2017-6413

mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an "AuthType oauth20" configuration

Severity Score

8.6

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.

El módulo "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (también conocido como mod_auth_openidc) en versiones anteriores a 2.1.6 para el servidor HTTP de Apache no omite cabeceras OIDC_CLAIM_ y OIDCAuthNHeader en una configuración "AuthType oauth20", lo que permite a atacantes remotos eludir autenticación a través de tráfico HTTP manipulado.

It was found that mod_auth_openidc did not properly sanitize HTTP headers for certain request paths. A remote attacker could potentially use this flaw to bypass authentication and access sensitive information by sending crafted HTTP requests.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-03-01 CVE Reserved
2017-03-02 CVE Published
2023-03-07 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (10)

URL	Tag	Source
http://www.securityfocus.com/bid/96549	Vdb Entry

URL	Date	SRC

URL	Date	SRC
https://github.com/pingidentity/mod_auth_openidc/blob/master/ChangeLog	2023-11-07
https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e	2023-11-07
https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.6	2023-11-07

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2019:2112	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTWUMQ46GZY3O4WU4JCF333LN53R2XQH	2023-11-07
https://access.redhat.com/security/cve/CVE-2017-6413	2019-08-06
https://bugzilla.redhat.com/show_bug.cgi?id=1428855	2019-08-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openidc Search vendor "Openidc"		Mod Auth Openidc Search vendor "Openidc" for product "Mod Auth Openidc"				<= 2.1.5 Search vendor "Openidc" for product "Mod Auth Openidc" and version " <= 2.1.5"		-		Affected