24 matches found
Alibaba Cloud Linux 3 : 0149: mod_auth_mellon (ALINUX3-SA-2023:0149)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0149 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3639: A flaw was found in modauthmellon...
RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 - modauthmellon...
Rocky Linux 8 : mod_auth_mellon (RLSA-2022:1934)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1934 advisory. - A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by...
CVE-2021-3639 affecting package mod_auth_mellon for versions less than 0.16.0-4
CVE-2021-3639 affecting package modauthmellon for versions less than 0.16.0-4. A patched version of the package is available...
Amazon Linux AMI : mod24_auth_mellon (ALAS-2023-1765)
The version of mod24authmellon installed on the remote host is prior to 0.14.0-2.10. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1765 advisory. A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attack...
Medium: mod24_auth_mellon
Issue Overview: A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. T...
Medium: mod_auth_mellon
Issue Overview: A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. T...
Debian: Security Advisory (DLA-3359-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3359-1] libapache2-mod-auth-mellon security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-3359-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 13, 2023 https://wiki.debian.org/LTS -...
CVE-2021-3639
CVE-2021-3639 affects mod_auth_mellon: a logout URL sanitization flaw could enable phishing by redirecting users from a trusted app to an external, potentially malicious server. Impact via confidentiality and integrity. Patches exist in multiple distributions: Debian LTS shows libapache2-mod-auth...
CVE-2021-3639
A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...
openSUSE: Security Advisory for apache2-mod_auth_mellon (SUSE-SU-2022:1524-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
AlmaLinux 8 : mod_auth_mellon (ALSA-2022:1934)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1934 advisory. - A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by...
RHEL 8 : mod_auth_mellon (RHSA-2022:1934)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1934 advisory. The modauthmellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants...
SUSE-SU-2022:1524-1 Security update for apache2-mod_auth_mellon
This update for apache2-modauthmellon fixes the following issues: - CVE-2021-3639: Fixed open Redirect vulnerability in logout URLs bsc1188926...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2022-1354)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : mod_auth_mellon (EulerOS-SA-2022-1354)
According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate...
Fedora: Security Advisory for mod_auth_mellon (FEDORA-2021-5e033d6641)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2021-2597)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : mod_auth_mellon (EulerOS-SA-2021-2597)
According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate...