Lucene search
K

31 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

MiracleLinux 7 : mod_auth_mellon-0.14.0-2.el7.4 (AXSA:2019-3863:02)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3863:02 advisory. modauthmellon: authentication bypass in ECP flow CVE-2019-3878 modauthmellon: open redirect in logout url when using URLs with backslashes...

8.1CVSS7AI score0.02969EPSS
Exploits1References3
Rosalinux
Rosalinux
added 2021/07/02 5:29 p.m.18 views

Advisory ROSA-SA-2021-1921

Software: modauthmellon 0.14.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-3878 CVE-Crit: HIGH CVE-DESC: A vulnerability was discovered in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy server and modauthmellon is configured to allow only authenticated users with the require...

8.1CVSS6.8AI score0.02969EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2021/01/29 12:0 a.m.35 views

CentOS 8 : mod_auth_mellon (CESA-2019:0985)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2019:0985 advisory. - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 Note that Nessus has not tested for this issue but has instead relied only on the application's...

8.1CVSS7.7AI score0.02969EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/10/23 12:0 a.m.22 views

Ubuntu: Security Advisory (USN-4597-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.02969EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2020/10/22 12:47 p.m.97 views

USN-4597-1: mod_auth_mellon vulnerabilities

François Kooman discovered that modauthmellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfer attack. CVE-2017-6807 It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to...

8.1CVSS6.9AI score0.02969EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.24 views

Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-1320)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.02969EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-1319)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.02969EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.31 views

Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2019-1321)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.02969EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.35 views

Oracle Linux 8 : mod_auth_mellon (ELSA-2019-0985)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-0985 advisory. 0.14.0-3.2 - Resolves: rhbz1696197 - CVE-2019-3878 modauthmellon: authentication bypass in ECP flow rhel-8.0.0.z Tenable has extracted the preceding description...

8.1CVSS7.7AI score0.02969EPSS
Exploits1References2
Oracle linux
Oracle linux
added 2019/07/30 12:0 a.m.39 views

mod_auth_mellon security update

0.14.0-3.2 - Resolves: rhbz1696197 - CVE-2019-3878 modauthmellon: authentication bypass in ECP flow rhel-8.0.0.z...

8.1CVSS3.1AI score0.02969EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/05/21 12:0 a.m.37 views

Amazon Linux 2 : mod_auth_mellon (ALAS-2019-1200)

A vulnerability was found in a previous version of modauthmellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute...

8.1CVSS6.7AI score0.02969EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2019/05/07 4:20 a.m.36 views

Important: Red Hat Security Advisory: mod_auth_mellon security update

An update for modauthmellon is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.1CVSS7.3AI score0.02969EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/05/07 12:0 a.m.27 views

RHEL 8 : mod_auth_mellon (RHSA-2019:0985)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:0985 advisory. The modauthmellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants...

8.1CVSS7.7AI score0.02969EPSS
Exploits1References4
Amazon
Amazon
added 2019/05/02 12:0 a.m.131 views

Important: mod24_auth_mellon

Issue Overview: A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS7AI score0.02969EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/05/02 12:0 a.m.32 views

Fedora 30 : mod_auth_mellon (2019-2d8ee47f61)

New upstream release 0.14.2 which also fixes CVE-2019-3878 and CVE-2019-3877 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

8.1CVSS6.8AI score0.02969EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2019/05/01 12:0 a.m.28 views

EulerOS 2.0 SP5 : mod_auth_mellon (EulerOS-SA-2019-1321)

According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...

8.1CVSS6.9AI score0.02969EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2019/05/01 12:0 a.m.28 views

EulerOS 2.0 SP2 : mod_auth_mellon (EulerOS-SA-2019-1319)

According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...

8.1CVSS6.9AI score0.02969EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2019/04/17 12:0 a.m.29 views

CentOS 7 : mod_auth_mellon (CESA-2019:0766)

An update for modauthmellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.1CVSS6.9AI score0.02969EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2019/04/17 12:0 a.m.131 views

RHEL 6 / 7 : httpd24-httpd and httpd24-mod_auth_mellon (RHSA-2019:0746)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0746 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...

8.1CVSS7.2AI score0.65005EPSS
Exploits9References6
Tenable Nessus
Tenable Nessus
added 2019/04/17 12:0 a.m.33 views

Oracle Linux 7 : mod_auth_mellon (ELSA-2019-0766)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-0766 advisory. - Resolves: rhbz1697488 - CVE-2019-3877 modauthmellon: open redirect in logout url when using URLs with backslashes - Resolves: rhbz1697488 -...

8.1CVSS6.9AI score0.02969EPSS
Exploits1References3
Rows per page
Query Builder