14 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-6807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - modauthmellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their...
RHEL 7 : mod_auth_mellon (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: Cross-site session transfer vulnerability CVE-2017-6807 - The amreadpostdata function in...
RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 - modauthmellon...
Ubuntu: Security Advisory (USN-4597-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4597-1: mod_auth_mellon vulnerabilities
François Kooman discovered that modauthmellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfer attack. CVE-2017-6807 It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-2632)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-2388)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : mod_auth_mellon (EulerOS-SA-2019-2632)
According to the version of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - modauthmellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a serv...
EulerOS 2.0 SP2 : mod_auth_mellon (EulerOS-SA-2019-2388)
According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a...
Amazon Linux AMI : mod_auth_mellon / mod24_auth_mellon (ALAS-2018-968)
Cross-site session transfer vulnerability : It was found that modauthmellon was vulnerable to a cross-site session transfer attack. An attacker with access to one website on a server could use the same session to get access to a different site running on the same server. CVE-2017-6807 C Tenable...
Medium: mod_auth_mellon, mod24_auth_mellon
Issue Overview: Cross-site session transfer vulnerability: It was found that modauthmellon was vulnerable to a cross-site session transfer attack. An attacker with access to one web site on a server could use the same session to get access to a different site running on the same server...
CVE-2017-6807
It was found that modauthmellon was vulnerable to a cross-site session transfer attack. An attacker with access to one web site on a server could use the same session to get access to a different site running on the same server...
CVE-2017-6807
modauthmellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site...
CVE-2017-6807
CVE-2017-6807 affects mod_auth_mellon prior to 0.13.1, enabling a Cross‑Site Session Transfer where a user’s session cookie from one site on a server can be copied to another site on the same server to gain access. Public disclosures and vendor advisories (e.g., Ubuntu USN-4597-1, various Nessus/...