Skip to main content

Mod Auth Openidc CVE-2021-20718

HIGH
Uncontrolled Resource Consumption (CWE-400)
2021-05-20 vultures@jpcert.or.jp
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 20, 2021 - 02:15 nvd
HIGH 7.5

DescriptionNVD

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.

AnalysisAI

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. Affected products include: Openidc Mod Auth Openidc, Fedoraproject Fedora, Oracle Essbase.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2024-24814 HIGH POC
7.5 Feb 13

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that imp

CVE-2021-39191 MEDIUM POC
6.1 Sep 03

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co

CVE-2021-32786 MEDIUM POC
6.1 Jul 22

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co

CVE-2017-6062 HIGH
8.6 Mar 02

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apac

CVE-2017-6413 HIGH
8.6 Mar 02

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apac

CVE-2017-6059 HIGH
7.5 Apr 12

Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.

CVE-2023-28625 HIGH
7.5 Apr 03

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID

CVE-2021-32785 HIGH
7.5 Jul 22

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co

CVE-2022-23527 MEDIUM
6.1 Dec 14

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Rated m

CVE-2021-32792 MEDIUM
6.1 Jul 26

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co

CVE-2019-14857 MEDIUM
6.1 Nov 26

A flaw was found in mod_auth_openidc before version 2.4.0.1. Rated medium severity (CVSS 6.1), this vulnerability is rem

CVE-2019-1010247 MEDIUM
6.1 Jul 19

ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (C

Share

CVE-2021-20718 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy