Lucene search
K

32 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

MiracleLinux 7 : mod_auth_mellon-0.14.0-2.el7.4 (AXSA:2019-3863:02)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3863:02 advisory. modauthmellon: authentication bypass in ECP flow CVE-2019-3878 modauthmellon: open redirect in logout url when using URLs with backslashes...

8.1CVSS7AI score0.02969EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2019-3877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that ...

6.1CVSS6.6AI score0.02131EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.20 views

RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 - The...

7.5CVSS7.4AI score0.03397EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.21 views

RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 - modauthmellon...

8.5AI score0.03397EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.26 views

Oracle Linux 8 : mod_auth_mellon (ELSA-2019-3421)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3421 advisory. - Resolves: rhbz1692471 - CVE-2019-3877 appstream/modauthmellon: open redirect in logout url when using URLs with backslashes rhel-8 - Resolves: rhbz1692471 -...

8.1CVSS6.9AI score0.02969EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/01/29 12:0 a.m.31 views

CentOS 8 : mod_auth_mellon (CESA-2019:3421)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3421 advisory. - modauthmellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 Note that Nessus has not tested for this issue but has instead relie...

6.1CVSS6.8AI score0.02131EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/10/23 12:0 a.m.21 views

Ubuntu: Security Advisory (USN-4597-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.02969EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2020/10/22 12:47 p.m.96 views

USN-4597-1: mod_auth_mellon vulnerabilities

François Kooman discovered that modauthmellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfer attack. CVE-2017-6807 It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to...

8.1CVSS6.9AI score0.02969EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.31 views

Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-1321)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.02969EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-1319)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.02969EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.24 views

Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-1320)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.02969EPSS
Exploits1References2
NVD
NVD
added 2019/11/26 12:15 p.m.23 views

CVE-2019-14857

A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon...

6.1CVSS6.6AI score0.01535EPSS
Exploits0References6
Prion
Prion
added 2019/11/26 12:15 p.m.22 views

Open redirect

A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon...

5.8CVSS5.9AI score0.02131EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2019/11/26 11:56 a.m.26 views

CVE-2019-14857

A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon...

5.8CVSS6.2AI score0.01535EPSS
Exploits0References6
CVE
CVE
added 2019/11/26 11:56 a.m.212 views

CVE-2019-14857

CVE-2019-14857 affects mod_auth_openidc prior to 2.4.0.1 and describes an open redirect vulnerability in logout URL handling for URLs with leading slashes (and related trailing slash cases). The issue can allow attackers to redirect victims to a potentially malicious site during logout, with cite...

6.1CVSS6.4AI score0.01535EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/05/21 12:0 a.m.36 views

Amazon Linux 2 : mod_auth_mellon (ALAS-2019-1200)

A vulnerability was found in a previous version of modauthmellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute...

8.1CVSS6.7AI score0.02969EPSS
Exploits1References3
Amazon
Amazon
added 2019/05/02 12:0 a.m.131 views

Important: mod24_auth_mellon

Issue Overview: A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS7AI score0.02969EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/05/02 12:0 a.m.32 views

Fedora 30 : mod_auth_mellon (2019-2d8ee47f61)

New upstream release 0.14.2 which also fixes CVE-2019-3878 and CVE-2019-3877 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

8.1CVSS6.8AI score0.02969EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2019/05/01 12:0 a.m.28 views

EulerOS 2.0 SP2 : mod_auth_mellon (EulerOS-SA-2019-1319)

According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...

8.1CVSS6.9AI score0.02969EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2019/05/01 12:0 a.m.28 views

EulerOS 2.0 SP5 : mod_auth_mellon (EulerOS-SA-2019-1321)

According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...

8.1CVSS6.9AI score0.02969EPSS
Exploits1References3
Rows per page
Query Builder