32 matches found
MiracleLinux 7 : mod_auth_mellon-0.14.0-2.el7.4 (AXSA:2019-3863:02)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3863:02 advisory. modauthmellon: authentication bypass in ECP flow CVE-2019-3878 modauthmellon: open redirect in logout url when using URLs with backslashes...
Linux Distros Unpatched Vulnerability : CVE-2019-3877
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that ...
RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 - The...
RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 - modauthmellon...
Oracle Linux 8 : mod_auth_mellon (ELSA-2019-3421)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3421 advisory. - Resolves: rhbz1692471 - CVE-2019-3877 appstream/modauthmellon: open redirect in logout url when using URLs with backslashes rhel-8 - Resolves: rhbz1692471 -...
CentOS 8 : mod_auth_mellon (CESA-2019:3421)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3421 advisory. - modauthmellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 Note that Nessus has not tested for this issue but has instead relie...
Ubuntu: Security Advisory (USN-4597-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4597-1: mod_auth_mellon vulnerabilities
François Kooman discovered that modauthmellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfer attack. CVE-2017-6807 It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-1321)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-1319)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-1320)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-14857
A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon...
Open redirect
A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon...
CVE-2019-14857
A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon...
CVE-2019-14857
CVE-2019-14857 affects mod_auth_openidc prior to 2.4.0.1 and describes an open redirect vulnerability in logout URL handling for URLs with leading slashes (and related trailing slash cases). The issue can allow attackers to redirect victims to a potentially malicious site during logout, with cite...
Amazon Linux 2 : mod_auth_mellon (ALAS-2019-1200)
A vulnerability was found in a previous version of modauthmellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute...
Important: mod24_auth_mellon
Issue Overview: A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...
Fedora 30 : mod_auth_mellon (2019-2d8ee47f61)
New upstream release 0.14.2 which also fixes CVE-2019-3878 and CVE-2019-3877 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
EulerOS 2.0 SP2 : mod_auth_mellon (EulerOS-SA-2019-1319)
According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...
EulerOS 2.0 SP5 : mod_auth_mellon (EulerOS-SA-2019-1321)
According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...