Lucene search
+L

47 matches found

CNNVD
CNNVD
added 2021/07/29 12:0 a.m.3 views

mod_auth_mellon 输入验证错误漏洞

modauthmellon is an authentication module used in Apache. A security vulnerability exists in modauthmellon. The vulnerability stems from mod auth mellon not properly clearing the logout url, which can be exploited by an attacker to trick a user into visiting a spoofed trusted web application URL...

6.1CVSS6.2AI score0.00752EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2020/10/21 12:0 a.m.28 views

Scientific Linux Security Update : mod_auth_openidc on SL7.x x86_64 (20201001)

Security Fixes : - modauthopenidc: Open redirect in logout url when using URLs with leading slashes CVE-2019-14857 - modauthopenidc: Open redirect issue exists in URLs with slash and backslash CVE-2019-20479 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...

6.1CVSS6.4AI score0.01893EPSS
Exploits0References3
Veracode
Veracode
added 2020/10/01 3:50 a.m.35 views

Opren Redirect

modauthopenidc is vulnerable to open redirect. Open redirect in logout url when using URLs with leading slashes...

6.1CVSS1.3AI score0.01535EPSS
Exploits0References10Affected Software1
RedHat Linux
RedHat Linux
added 2019/11/05 9:20 p.m.6 views

mod_auth_mellon: open redirect in logout url when using URLs with backslashes

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS5.8AI score0.02131EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/05/21 12:0 a.m.37 views

Amazon Linux 2 : mod_auth_mellon (ALAS-2019-1200)

A vulnerability was found in a previous version of modauthmellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute...

8.1CVSS6.7AI score0.02969EPSS
Exploits1References3
Veracode
Veracode
added 2019/05/16 3:38 a.m.26 views

Open Redirection

modauthmellon is vulnerable to open redirection vulnerability. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL...

6.1CVSS6.8AI score0.02131EPSS
Exploits0References12Affected Software3
Amazon
Amazon
added 2019/05/16 12:0 a.m.25 views

Important: mod_auth_mellon

Issue Overview: A vulnerability was found in a previous version of modauthmellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them ...

8.1CVSS7.1AI score0.02969EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/05/07 12:0 a.m.32 views

Amazon Linux AMI : mod24_auth_mellon (ALAS-2019-1200)

A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP non-browser based...

8.1CVSS6.7AI score0.02969EPSS
Exploits1References3
Amazon
Amazon
added 2019/05/02 12:0 a.m.132 views

Important: mod24_auth_mellon

Issue Overview: A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS7AI score0.02969EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/05/01 12:0 a.m.28 views

EulerOS 2.0 SP2 : mod_auth_mellon (EulerOS-SA-2019-1319)

According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...

8.1CVSS6.9AI score0.02969EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2019/05/01 12:0 a.m.23 views

EulerOS 2.0 SP3 : mod_auth_mellon (EulerOS-SA-2019-1320)

According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...

8.1CVSS6.9AI score0.02969EPSS
Exploits1References3
NVD
NVD
added 2019/03/27 1:29 p.m.21 views

CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS6.4AI score0.02131EPSS
Exploits0References8
OSV
OSV
added 2019/03/27 1:29 p.m.1 views

DEBIAN-CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS6.8AI score0.02131EPSS
Exploits0References1
Prion
Prion
added 2019/03/27 1:29 p.m.25 views

Open redirect

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

4.3CVSS5.8AI score0.02131EPSS
Exploits0References8Affected Software4
Debian CVE
Debian CVE
added 2019/03/27 12:19 p.m.34 views

CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS6.8AI score0.02131EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2019/03/22 1:49 p.m.31 views

CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS4.4AI score0.02131EPSS
Exploits0References3
OSV
OSV
added 2019/03/22 12:0 a.m.3 views

UBUNTU-CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS6.8AI score0.02131EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/03/20 12:0 a.m.5 views

PT-2019-1903 · Apache +3 · Mod Auth Mellon +3

Name of the Vulnerable Software and Affected Versions: mod auth mellon versions prior to 0.14.2 Description: A vulnerability in mod auth mellon allows an open redirect in the logout URL, where requests with backslashes are treated as relative URLs, while browsers convert them to forward slashes,...

8.1CVSS6.8AI score0.02969EPSS
Exploits1References41
Openbugbounty
Openbugbounty
added 2016/12/15 2:19 p.m.27 views

sonos.com XSS vulnerability

Vulnerable URL: https://www.sonos.com/login/logout/?returnURL="-confirmOPENBUGBOUNTY-" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.09.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 13988 VIP website status:| Yes Coordinated...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/11/23 3:59 p.m.23 views

login.globo.com Open Redirect vulnerability

Vulnerable URL: https://login.globo.com/logout?url=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website...

6.8AI score
Exploits0
Rows per page
Query Builder