9 matches found

Tenable Nessus
added 2024/06/03 12:0 a.m. | 24 views

RHEL 7 : mod_auth_mellon (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mod_auth_mellon: Cross-site session transfer vulnerability (CVE-2017-6807) - The am_read_post_data function in...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.03397
Exploits: 0 | References: 3
Tenable Nessus
added 2019/12/10 12:0 a.m. | 27 views

EulerOS 2.0 SP2 : mod_auth_mellon (EulerOS-SA-2019-2388)

According to the versions of the mod_auth_mellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.03397
Exploits: 0 | References: 4
CNVD
added 2016/04/19 12:0 a.m. | 6 views

mod_auth_mellon denial of service vulnerability (CNVD-2016-02441)

mod_auth_mellon is an Apache module that provides simple SAML (Security Assertion Markup Language) 2.0 services. A denial of service vulnerability exists in the am_read_post_data function in versions of mod_auth_mellon prior to 0.11.1, which can be exploited by a remote attacker to cause a denial of servi...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.03397
Exploits: 0 | References: 1
NVD
added 2016/04/15 2:59 p.m. | 19 views

CVE-2016-2145

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.03065
Exploits: 0 | References: 3
UbuntuCve
added 2016/04/15 2:59 p.m. | 23 views

CVE-2016-2146

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.03397
Exploits: 0 | References: 2
Prion
added 2016/04/15 2:59 p.m. | 16 views

Design/Logic Flaw

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data...

CVSS: 5 | AI score: 6.9 | EPSS: 0.03065
Exploits: 0 | References: 3 | Affected Software: 2
CVE
added 2016/04/15 2:0 p.m. | 62 views

CVE-2016-2145

CVE-2016-2145 affects mod_auth_mellon before 0.11.1: am_read_post_data does not check ap_get_client_block for errors, enabling DoS via crafted POST data (segfaults/process crashes). Affected products/versions include Red Hat/EulerOS advisories; recommended mitigation is upgrading to at least 0.13...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.03065
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2016/04/15 2:0 p.m. | 21 views

CVE-2016-2145

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data...

AI score: 7.2 | EPSS: 0.03065
Exploits: 0 | References: 3
Cvelist
added 2016/04/15 2:0 p.m. | 28 views

CVE-2016-2146

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data...

AI score: 7.3 | EPSS: 0.03397
Exploits: 0 | References: 3