31 matches found
MiracleLinux 7 : mod_auth_mellon-0.14.0-2.el7.4 (AXSA:2019-3863:02)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3863:02 advisory. modauthmellon: authentication bypass in ECP flow CVE-2019-3878 modauthmellon: open redirect in logout url when using URLs with backslashes...
Advisory ROSA-SA-2021-1921
Software: modauthmellon 0.14.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-3878 CVE-Crit: HIGH CVE-DESC: A vulnerability was discovered in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy server and modauthmellon is configured to allow only authenticated users with the require...
CentOS 8 : mod_auth_mellon (CESA-2019:0985)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2019:0985 advisory. - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 Note that Nessus has not tested for this issue but has instead relied only on the application's...
Ubuntu: Security Advisory (USN-4597-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4597-1: mod_auth_mellon vulnerabilities
François Kooman discovered that modauthmellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfer attack. CVE-2017-6807 It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-1320)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-1319)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-1321)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : mod_auth_mellon (ELSA-2019-0985)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-0985 advisory. 0.14.0-3.2 - Resolves: rhbz1696197 - CVE-2019-3878 modauthmellon: authentication bypass in ECP flow rhel-8.0.0.z Tenable has extracted the preceding description...
mod_auth_mellon security update
0.14.0-3.2 - Resolves: rhbz1696197 - CVE-2019-3878 modauthmellon: authentication bypass in ECP flow rhel-8.0.0.z...
Amazon Linux 2 : mod_auth_mellon (ALAS-2019-1200)
A vulnerability was found in a previous version of modauthmellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute...
Important: Red Hat Security Advisory: mod_auth_mellon security update
An update for modauthmellon is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 8 : mod_auth_mellon (RHSA-2019:0985)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:0985 advisory. The modauthmellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants...
Important: mod24_auth_mellon
Issue Overview: A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...
Fedora 30 : mod_auth_mellon (2019-2d8ee47f61)
New upstream release 0.14.2 which also fixes CVE-2019-3878 and CVE-2019-3877 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
EulerOS 2.0 SP5 : mod_auth_mellon (EulerOS-SA-2019-1321)
According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...
EulerOS 2.0 SP2 : mod_auth_mellon (EulerOS-SA-2019-1319)
According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...
CentOS 7 : mod_auth_mellon (CESA-2019:0766)
An update for modauthmellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 6 / 7 : httpd24-httpd and httpd24-mod_auth_mellon (RHSA-2019:0746)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0746 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...
Oracle Linux 7 : mod_auth_mellon (ELSA-2019-0766)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-0766 advisory. - Resolves: rhbz1697488 - CVE-2019-3877 modauthmellon: open redirect in logout url when using URLs with backslashes - Resolves: rhbz1697488 -...