Mod Auth Openidc
CVE-2021-20718
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.
AnalysisAI
mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. Affected products include: Openidc Mod Auth Openidc, Fedoraproject Fedora, Oracle Essbase.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
More in Mod Auth Openidc
View allmod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that imp
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apac
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apac
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Rated m
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co
A flaw was found in mod_auth_openidc before version 2.4.0.1. Rated medium severity (CVSS 6.1), this vulnerability is rem
ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (C
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today