ID de Prueba:	1.3.6.1.4.1.25623.1.0.892298
Categoría:	Debian Local Security Checks
Título:	Debian LTS: Security Advisory for libapache2-mod-auth-openidc (DLA-2298-1)
Resumen:	The remote host is missing an update for the 'libapache2-mod-auth-openidc'; package(s) announced via the DLA-2298-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libapache2-mod-auth-openidc' package(s) announced via the DLA-2298-1 advisory. Vulnerability Insight: Several issues have been found in libapache2-mod-auth-openidc, the OpenID Connect authentication module for the Apache HTTP server. CVE-2019-14857 Insufficient validation of URLs leads to an Open Redirect vulnerability. An attacker may trick a victim into providing credentials for an OpenID provider by forwarding the request to an illegitimate website. CVE-2019-20479 Due to insufficient validatation of URLs an Open Redirect vulnerability for URLs beginning with a slash and backslash could be abused. CVE-2019-1010247 The OIDCRedirectURI page contains generated JavaScript code that uses a poll parameter as a string variable, thus might contain additional JavaScript code. This might result in Criss-Site Scripting (XSS). Affected Software/OS: 'libapache2-mod-auth-openidc' package(s) on Debian Linux. Solution: For Debian 9 stretch, these problems have been fixed in version 2.1.6-1+deb9u1. We recommend that you upgrade your libapache2-mod-auth-openidc packages. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-1010247 Common Vulnerability Exposure (CVE) ID: CVE-2019-14857 Common Vulnerability Exposure (CVE) ID: CVE-2019-20479
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.