8 matches found
RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mod_auth_mellon: open redirect in logout url when using URLs with backslashes (CVE-2019-3877) - The...
RHEL 7 : mod_auth_mellon (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mod_auth_mellon: Cross-site session transfer vulnerability (CVE-2017-6807) - The am_read_post_data function in...
RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mod_auth_mellon: open redirect in logout url when using URLs with backslashes (CVE-2019-3877) - mod_auth_mellon...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-2388)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-2009)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP2 : mod_auth_mellon (EulerOS-SA-2019-2388)
According to the versions of the mod_auth_mellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a...
CVE-2016-2145
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data...
CVE-2016-2145
CVE-2016-2145 affects mod_auth_mellon before 0.11.1: am_read_post_data does not check ap_get_client_block for errors, enabling DoS via crafted POST data (segfaults/process crashes). Affected products/versions include Red Hat/EulerOS advisories; recommended mitigation is upgrading to at least 0.13...