BIT-apache-2025-3891

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2025-3891.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-apache-2025-3891

Aliases

CVE-2025-3891
GHSA-x7cf-8wgv-5j86

Published

2025-05-13T05:37:35.931Z

Modified

2025-07-28T14:59:26.461936Z

Summary

[none]

Details

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

Database specific

{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
    ]
}

References

https://access.redhat.com/errata/RHSA-2025:4597
https://access.redhat.com/security/cve/CVE-2025-3891
https://bugzilla.redhat.com/show_bug.cgi?id=2361633
https://lists.debian.org/debian-lts-announce/2025/05/msg00007.html
https://nvd.nist.gov/vuln/detail/CVE-2025-3891

Affected packages

Bitnami / apache

Package

Name: apache
Purl: pkg:bitnami/apache

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

BIT-apache-2025-3891

Affected packages

Bitnami / apache

Package

Severity

Affected ranges