Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2017-6413

Disclosure Date: March 02, 2017 •

CVE-2017-6413

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The “OpenID Connect Relying Party and OAuth 2.0 Resource Server” (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDCCLAIM and OIDCAuthNHeader headers in an “AuthType oauth20” configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

openidc

Products

mod auth openidc

References

Canonical

CVE-2017-6413 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6413)

BID-96549 (http://www.securityfocus.com/bid/96549)

Advisory

https://github.com/pingidentity/mod_auth_openidc/blob/master/ChangeLog

https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.6

https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e

https://access.redhat.com/errata/RHSA-2019:2112

FEDORA-2019-7b06f18a10 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z)

FEDORA-2019-23638d42f3 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA)

FEDORA-2019-a25d5df3b4 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTWUMQ46GZY3O4WU4JCF333LN53R2XQH)

Rapid7

Hello Everyone! We have made some updates to AttackerKB in the last few months.

New tags:

New workers:

Unknown

CVE-2017-6413

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2017-6413

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Hello Everyone! We have made some updates to AttackerKB in the last few months.

New tags:

New workers:

Unknown

CVE-2017-6413

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2017-6413

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification