PT-2019-4786 · Apache+5 · Mod Auth Openidc+6

Oss-Aimoto · Published 2019-11-08 · Updated 2025-12-29 · CVE-2019-14857

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

mod_auth_openidc versions prior to 2.4.0.1
Apache HTTP Server (affected versions not specified)

Description

A flaw exists related to open redirect issues in URLs with trailing slashes. There is also an issue with insufficient protection of web pages in the mod_auth_digest component of the Apache HTTP Server, which could allow a remote attacker to gain unauthorized access to confidential information or execute arbitrary code.

Recommendations

For mod_auth_openidc versions prior to 2.4.0.1, update to version 2.4.0.1 or later.
For Apache HTTP Server, there is currently no information about a newer version that contains a fix for this vulnerability.

Open Redirect

Weakness Enumeration

Related Identifiers

ALSA-2020:3032
BDU:2020-01364
CESA-2020_3032
CESA-2020_3970
CVE-2019-14857
DLA-1996-1
DLA-2298-1
MGASA-2019-0410
OPENSUSE-SU-2019:2499-1
OPENSUSE-SU-2019_2499-1
OPENSUSE-SU-2024:10624-1
RHSA-2020:3032
RHSA-2020:3970
RHSA-2020_3032
RHSA-2020_3970
RLSA-2020:3032
SUSE-SU-2019:2934-1
SUSE-SU-2019:2935-1
SUSE-SU-2019_2934-1
SUSE-SU-2019_2935-1
SUSE-SU-2025:4532-1

Affected Products

Almalinux
Apache Http Server
Centos
Red Hat
Rocky Linux
Suse
Mod Auth Openidc