Ping Identity 'mod_auth_openidc' Module CVE-2017-6059 Content Spoofing Vulnerability

Ping Identity 'mod_auth_openidc' module is prone to a content-spoofing vulnerability because it fails to properly sanitize user-supplied input.

Attackers can exploit this issue to manipulate the page and spoof content, which may aid in further attacks.

Versions prior to mod_auth_openidc 2.1.4 are vulnerable.

Note: This issue also affects Apache HTTP Server 2.x using 'mod_auth_openidc' module.

Information

Bugtraq ID: 96299
Class: Input Validation Error
CVE: CVE-2017-6059

Remote: Yes
Local: No
Published: Feb 17 2017 12:00AM
Credit: Lukas Reschke
Vulnerable: PingIdentity mod_auth_openidc 2.1.3
PingIdentity mod_auth_openidc 2.1.1
PingIdentity mod_auth_openidc 2.1
PingIdentity mod_auth_openidc 2.0
PingIdentity mod_auth_openidc 1.5
PingIdentity mod_auth_openidc 1.0.1
Apache HTTP Server 2.2.25
Apache HTTP Server 2.2.24
Apache HTTP Server 2.2.6 0
Apache HTTP Server 2.4.25

Not Vulnerable: PingIdentity mod_auth_openidc 2.1.4

Exploit

An attacker can exploit this issue using a browser.

References:

• 'mod_auth_openidc' Release 2.1.4 (Ping Identity)
  
• don't echo query params on invalid requests to redirect URI; closes #212 (Ping Identity)
  
• mod_auth_openidc Product Page (Ping Identity)
  
• mod_auth_openidc/ChangeLog (Ping Identity)
  
• Don't show user-supplied content in error pages #212 (Ping Identity)
  

Source: www.securityfocus.com