
THREATINT
PUBLISHED

CVE-2025-3891

mod_auth_openidc: DoS via empty POST in mod_auth_openidc with OIDCPreservePost enabled



Description

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

Reserved 2025-04-23 | Published 2025-04-29 | Updated 2025-05-12 | Assigner redhat


MEDIUM: 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

Uncaught Exception

Product status

Default status
affected

8100020250426100353.489197e6 before *
unaffected

Default status
affected

Default status
affected

Timeline

2025-04-22: Reported to Red Hat.
2025-04-29: Made public.

References

access.redhat.com/errata/RHSA-2025:4597 (RHSA-2025:4597) vendor-advisory

access.redhat.com/security/cve/CVE-2025-3891 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2361633 (RHBZ#2361633) issue-tracking

cve.org (CVE-2025-3891)

nvd.nist.gov (CVE-2025-3891)
