Ping Identity 'mod_auth_openidc' Module CVE-2017-6059 Content Spoofing Vulnerability



The Ping Identity 'mod_auth_openidc' module is prone to a content-spoofing vulnerability because it fails to properly sanitize user-supplied input.

Attackers can exploit this issue to manipulate the page and spoof content, which may aid in further attacks.

Versions prior to mod_auth_openidc 2.1.4 are vulnerable.

Note: This issue also affects Apache HTTP Server 2.x using the 'mod_auth_openidc' module.

Information

Bugtraq ID: 96299
Class: Input Validation Error
CVE: CVE-2017-6059

Remote: Yes
Local: No
Published: Feb 17 2017 12:00AM
Credit: Lukas Reschke
Vulnerable: PingIdentity mod_auth_openidc 2.1.3
PingIdentity mod_auth_openidc 2.1.1
PingIdentity mod_auth_openidc 2.1
PingIdentity mod_auth_openidc 2.0
PingIdentity mod_auth_openidc 1.5
PingIdentity mod_auth_openidc 1.0.1
Apache HTTP Server 2.2.25
Apache HTTP Server 2.2.24
Apache HTTP Server 2.2.6 0
Apache HTTP Server 2.4.25


Not Vulnerable: PingIdentity mod_auth_openidc 2.1.4


Exploit


An attacker can exploit this issue using a browser.

