Lucene search
K

14 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2017-6807

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - modauthmellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their...

6.1CVSS6.6AI score0.01068EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.24 views

RHEL 7 : mod_auth_mellon (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: Cross-site session transfer vulnerability CVE-2017-6807 - The amreadpostdata function in...

7.5CVSS7.6AI score0.03397EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.20 views

RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 - modauthmellon...

8.5AI score0.03397EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2020/10/23 12:0 a.m.20 views

Ubuntu: Security Advisory (USN-4597-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.02969EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2020/10/22 12:47 p.m.96 views

USN-4597-1: mod_auth_mellon vulnerabilities

François Kooman discovered that modauthmellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfer attack. CVE-2017-6807 It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to...

8.1CVSS6.9AI score0.02969EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-2632)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.6AI score0.01068EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-2388)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.03397EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/18 12:0 a.m.33 views

EulerOS 2.0 SP3 : mod_auth_mellon (EulerOS-SA-2019-2632)

According to the version of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - modauthmellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a serv...

6.1CVSS6.7AI score0.01068EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/10 12:0 a.m.27 views

EulerOS 2.0 SP2 : mod_auth_mellon (EulerOS-SA-2019-2388)

According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a...

7.5CVSS6.8AI score0.03397EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/03/09 12:0 a.m.34 views

Amazon Linux AMI : mod_auth_mellon / mod24_auth_mellon (ALAS-2018-968)

Cross-site session transfer vulnerability : It was found that modauthmellon was vulnerable to a cross-site session transfer attack. An attacker with access to one website on a server could use the same session to get access to a different site running on the same server. CVE-2017-6807 C Tenable...

6.1CVSS6.7AI score0.01068EPSS
Exploits0References2
Amazon
Amazon
added 2018/03/07 12:0 a.m.35 views

Medium: mod_auth_mellon, mod24_auth_mellon

Issue Overview: Cross-site session transfer vulnerability: It was found that modauthmellon was vulnerable to a cross-site session transfer attack. An attacker with access to one web site on a server could use the same session to get access to a different site running on the same server...

6.1CVSS6.5AI score0.01068EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2017/03/13 3:18 p.m.25 views

CVE-2017-6807

It was found that modauthmellon was vulnerable to a cross-site session transfer attack. An attacker with access to one web site on a server could use the same session to get access to a different site running on the same server...

6.4CVSS3.3AI score0.01068EPSS
Exploits0References1
NVD
NVD
added 2017/03/13 2:59 p.m.16 views

CVE-2017-6807

modauthmellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site...

6.1CVSS6.7AI score0.01068EPSS
Exploits0References3
CVE
CVE
added 2017/03/13 2:0 p.m.80 views

CVE-2017-6807

CVE-2017-6807 affects mod_auth_mellon prior to 0.13.1, enabling a Cross‑Site Session Transfer where a user’s session cookie from one site on a server can be copied to another site on the same server to gain access. Public disclosures and vendor advisories (e.g., Ubuntu USN-4597-1, various Nessus/...

6.1CVSS6.2AI score0.01068EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder