29 matches found
MiracleLinux 8 : mod_auth_mellon-0.14.0-11.el8 (AXSA:2020-330:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-330:02 advisory. modauthmellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft CVE-2019-13038 Tenable has extracted the preceding...
Linux Distros Unpatched Vulnerability : CVE-2019-13038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - modauthmellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL...
RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 - modauthmellon...
Oracle Linux 8 : mod_auth_mellon (ELSA-2020-1660)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1660 advisory. - Resolves: rhbz1731053 - CVE-2019-13038 modauthmellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft rhel-8 Tenab...
Debian: Security Advisory (DLA-3359-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3359-1] libapache2-mod-auth-mellon security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-3359-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 13, 2023 https://wiki.debian.org/LTS -...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2022-1903)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : mod_auth_mellon (EulerOS-SA-2022-1903)
According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the...
FreeBSD : mod_auth_mellon -- Redirect URL validation bypass (7bba5b3b-1b7f-11ec-b335-d4c9ef517024)
Jakub Hrozek reports : Version 0.17.0 and older of modauthmellon allows the redirect URL validation to be bypassed by specifying an URL formatted as ///fishing-site.example.com/logout.html %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
CentOS 8 : mod_auth_mellon (CESA-2020:1660)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1660 advisory. - modauthmellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft CVE-2019-13038 Note that Nessus has not tested for thi...
NewStart CGSL CORE 5.05 / MAIN 5.05 : mod_auth_mellon Vulnerability (NS-SA-2020-0106)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has modauthmellon packages installed that are affected by a vulnerability: - modauthmellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL...
NewStart CGSL CORE 5.04 / MAIN 5.04 : mod_auth_mellon Vulnerability (NS-SA-2020-0072)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has modauthmellon packages installed that are affected by a vulnerability: - modauthmellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL...
Amazon Linux 2 : mod_auth_mellon (ALAS-2020-1436)
The version of modauthmellon installed on the remote host is prior to 0.14.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1436 advisory. modauthmellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // afte...
Medium: mod_auth_mellon
Issue Overview: modauthmellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. CVE-2019-13038 Affected Packages: modauthmellon Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit thi...
Moderate: mod_auth_mellon security and bug fix update
The modauthmellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fixes: modauthmellon: Open Redirect via the login?ReturnT...
Scientific Linux Security Update : mod_auth_mellon on SL7.x x86_64 (20200407)
modauthmellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid135822; scriptversion"1.3";...
mod_auth_mellon security and bug fix update
0.14.0-8 - Resolves: rhbz1731052 - CVE-2019-13038 modauthmellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft rhel-7 0.14.0-7 - Resolves: rhbz1727789 - modauthmellon fix for AJAX header name X-Requested-With 0.14.0-6 - Apply the patch from the previo...
Moderate: Red Hat Security Advisory: mod_auth_mellon security and bug fix update
An update for modauthmellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 7 : mod_auth_mellon (RHSA-2020:1003)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1003 advisory. The modauthmellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants...
Amazon Linux AMI : mod_auth_mellon, mod24_auth_mellon (ALAS-2020-1331)
The version of mod24authmellon installed on the remote host is prior to 0.14.0-2.9. The version of modauthmellon installed on the remote host is prior to 0.13.1-1.6. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1331 advisory. modauthmellon through 0.14.2 has an Ope...