Vulnerability Details : CVE-2023-28625
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.
Vulnerability category: Memory CorruptionDenial of service
Threat overview for CVE-2023-28625
Top countries where our scanners detected CVE-2023-28625
Top open port discovered on systems with this issue
80
IPs affected by CVE-2023-28625 1,255,739
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2023-28625!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2023-28625
0.31%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less