Zandbelt

**Name of the Vulnerable Software and Affected Versions** mod auth openidc versions prior to 2.4.15.2 **Description** The issue is related to a denial of service (DoS) attack due to missing input validation on the `mod auth openidc session chunks` cookie value. This allows an attacker to craft requests that can make the server unresponsive or crash with minimal effort. By manipulating the `mod auth openidc session chunks` cookie value to a very large integer, the server struggles with the request and finally returns a 500 error. Making a few such requests can cause the server to become unresponsive. **Recommendations** For versions prior to 2.4.15.2, upgrade to version 2.4.15.2 to address the issue. As a temporary workaround, consider restricting access to the `mod auth openidc session chunks` cookie to minimize the risk of exploitation. Avoid using large integer values for the `mod auth openidc session chunks` cookie until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenIDC/cjose versions prior to 0.6.2.2 **Description** The AES GCM decryption routine in OpenIDC/cjose incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE, instead of the fixed length of 16 octets specified in the spec. This allows an attacker to provide a truncated Authentication Tag and modify the JWE accordingly. **Recommendations** For versions prior to 0.6.2.2, upgrade to a version >= 0.6.2.2. For users unable to upgrade, avoid using AES GCM encryption and replace it with another encryption algorithm, such as AES CBC.

**Name of the Vulnerable Software and Affected Versions** mod auth openidc versions prior to 2.4.12.2 **Description** The issue concerns an Open Redirect vulnerability in mod auth openidc, an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server. When a logout parameter is provided to the redirect URI, the existing code in `oidc validate redirect url()` does not properly check for URLs that start with `/t`, leading to an open redirect. **Recommendations** For versions prior to 2.4.12.2, upgrade to version 2.4.12.2 to resolve the issue. As a temporary workaround, consider configuring mod auth openidc to only allow redirection when the destination matches a given regular expression with `OIDCRedirectURLsAllowed`.

**Name of the Vulnerable Software and Affected Versions** mod auth openidc versions prior to 2.4.9.4 **Description** The mod auth openidc module for the Apache 2.x HTTP server is vulnerable to an open redirect attack. This occurs when a crafted URL is supplied in the `target link uri` parameter, affecting the 3rd-party init SSO functionality. A patch in version 2.4.9.4 applies the `OIDCRedirectURLsAllowed` setting to the `target link uri` parameter, mitigating the issue. **Recommendations** For mod auth openidc versions prior to 2.4.9.4, upgrade to a patched version, specifically version 2.4.9.4 or later, to resolve the issue. As a temporary workaround, consider restricting the use of the `target link uri` parameter until a patch is applied. Additionally, ensure the `OIDCRedirectURLsAllowed` setting is properly configured to minimize the risk of exploitation.