ГлавнаяУязвимости → CVE-2025-3891
7.5высокая

CVE-2025-3891

→ есть в БДУ: BDU:2025-10948 (на русском)
Описание (на английском; русское — в БДУ выше)

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

Затрагиваемое ПО
Apache Http serverRedhat Enterprise linuxDebian Debian linux
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://access.redhat.com/errata/RHSA-2025:10002https://access.redhat.com/errata/RHSA-2025:10003https://access.redhat.com/errata/RHSA-2025:10004https://access.redhat.com/errata/RHSA-2025:10006https://access.redhat.com/errata/RHSA-2025:10007https://access.redhat.com/errata/RHSA-2025:10008https://access.redhat.com/errata/RHSA-2025:10010https://access.redhat.com/errata/RHSA-2025:4597