47 matches found
mod_auth_mellon 输入验证错误漏洞
modauthmellon is an authentication module used in Apache. A security vulnerability exists in modauthmellon. The vulnerability stems from mod auth mellon not properly clearing the logout url, which can be exploited by an attacker to trick a user into visiting a spoofed trusted web application URL...
Scientific Linux Security Update : mod_auth_openidc on SL7.x x86_64 (20201001)
Security Fixes : - modauthopenidc: Open redirect in logout url when using URLs with leading slashes CVE-2019-14857 - modauthopenidc: Open redirect issue exists in URLs with slash and backslash CVE-2019-20479 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...
Opren Redirect
modauthopenidc is vulnerable to open redirect. Open redirect in logout url when using URLs with leading slashes...
mod_auth_mellon: open redirect in logout url when using URLs with backslashes
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
Amazon Linux 2 : mod_auth_mellon (ALAS-2019-1200)
A vulnerability was found in a previous version of modauthmellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute...
Open Redirection
modauthmellon is vulnerable to open redirection vulnerability. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL...
Important: mod_auth_mellon
Issue Overview: A vulnerability was found in a previous version of modauthmellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them ...
Amazon Linux AMI : mod24_auth_mellon (ALAS-2019-1200)
A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP non-browser based...
Important: mod24_auth_mellon
Issue Overview: A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...
EulerOS 2.0 SP2 : mod_auth_mellon (EulerOS-SA-2019-1319)
According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...
EulerOS 2.0 SP3 : mod_auth_mellon (EulerOS-SA-2019-1320)
According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...
CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
DEBIAN-CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
Open redirect
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
UBUNTU-CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
PT-2019-1903 · Apache +3 · Mod Auth Mellon +3
Name of the Vulnerable Software and Affected Versions: mod auth mellon versions prior to 0.14.2 Description: A vulnerability in mod auth mellon allows an open redirect in the logout URL, where requests with backslashes are treated as relative URLs, while browsers convert them to forward slashes,...
sonos.com XSS vulnerability
Vulnerable URL: https://www.sonos.com/login/logout/?returnURL="-confirmOPENBUGBOUNTY-" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.09.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 13988 VIP website status:| Yes Coordinated...
login.globo.com Open Redirect vulnerability
Vulnerable URL: https://login.globo.com/logout?url=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website...