CVE-2021-20718

Severity: 7.5 HIGH
EPSS: 1.8% (top 17.01%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 20
Latest update: Jan 15

Description

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

NVD: oracle/essbase < 21.3
Debian: libapache2-mod-auth-openidc < 2.4.4.1-2+3
NVD: openidc/mod_auth_openidc 2.4.0 to 2.4.7
CVEListV5: zmartzone/mod_auth_openidc 2.4.0 to 2.4.7

Also affects: Fedora 33, 34

🔴 Vulnerability Details (2)

OSV: CVE-2021-20718: mod_auth_openidc 2 (2021-05-20)
CVEList: CVE-2021-20718: mod_auth_openidc 2 (2021-05-20)

📋 Vendor Advisories (4)

Oracle: Oracle Oracle Essbase Risk Matrix: Infrastructure (mod_auth_openidc) — CVE-2021-20718 (2022-01-15)
Red Hat: mod_auth_openidc: DoS in oidc_util_read_post_params() in util.c (2021-05-14)
Microsoft: mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. (2021-05-11)
Debian: CVE-2021-20718: libapache2-mod-auth-openidc - mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-se... (2021)