The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2112 advisory.
– Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request. (CVE-2017-6059)
– The OpenID Connect Relying Party and OAuth 2.0 Resource Server (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an AuthType oauth20 configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. (CVE-2017-6413)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.