Lucene search
+L

24 matches found

Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.9 views

Alibaba Cloud Linux 3 : 0149: mod_auth_mellon (ALINUX3-SA-2023:0149)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0149 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3639: A flaw was found in modauthmellon...

6.1CVSS6.1AI score0.00752EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.21 views

RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 - modauthmellon...

8.5AI score0.03397EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.31 views

Rocky Linux 8 : mod_auth_mellon (RLSA-2022:1934)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1934 advisory. - A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by...

6.1CVSS6AI score0.00752EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2023/09/13 3:36 a.m.16 views

CVE-2021-3639 affecting package mod_auth_mellon for versions less than 0.16.0-4

CVE-2021-3639 affecting package modauthmellon for versions less than 0.16.0-4. A patched version of the package is available...

6.1CVSS6.6AI score0.00752EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.25 views

Amazon Linux AMI : mod24_auth_mellon (ALAS-2023-1765)

The version of mod24authmellon installed on the remote host is prior to 0.14.0-2.10. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1765 advisory. A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attack...

6.1CVSS6.1AI score0.00752EPSS
Exploits0References4
Amazon
Amazon
added 2023/06/08 12:0 a.m.30 views

Medium: mod24_auth_mellon

Issue Overview: A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. T...

6.1CVSS6.2AI score0.00752EPSS
Exploits0
Amazon
Amazon
added 2023/06/07 12:0 a.m.23 views

Medium: mod_auth_mellon

Issue Overview: A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. T...

6.1CVSS6.2AI score0.00752EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/03/13 12:0 a.m.18 views

Debian: Security Advisory (DLA-3359-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.3AI score0.01423EPSS
Exploits0References4
Debian
Debian
added 2023/03/12 8:45 p.m.30 views

[SECURITY] [DLA 3359-1] libapache2-mod-auth-mellon security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-3359-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 13, 2023 https://wiki.debian.org/LTS -...

6.1CVSS7.2AI score0.01423EPSS
Exploits0
CVE
CVE
added 2022/08/22 2:49 p.m.175 views

CVE-2021-3639

CVE-2021-3639 affects mod_auth_mellon: a logout URL sanitization flaw could enable phishing by redirecting users from a trusted app to an external, potentially malicious server. Impact via confidentiality and integrity. Patches exist in multiple distributions: Debian LTS shows libapache2-mod-auth...

6.1CVSS5.8AI score0.00752EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2022/08/22 2:49 p.m.30 views

CVE-2021-3639

A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...

6.1CVSS6AI score0.00752EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/05/17 12:0 a.m.18 views

openSUSE: Security Advisory for apache2-mod_auth_mellon (SUSE-SU-2022:1524-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1CVSS6.7AI score0.00752EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/05/12 12:0 a.m.26 views

AlmaLinux 8 : mod_auth_mellon (ALSA-2022:1934)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1934 advisory. - A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by...

6.1CVSS6AI score0.00752EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/05/11 12:0 a.m.23 views

RHEL 8 : mod_auth_mellon (RHSA-2022:1934)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1934 advisory. The modauthmellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants...

6.1CVSS6.2AI score0.00752EPSS
Exploits0References6
OSV
OSV
added 2022/05/04 11:46 a.m.3 views

SUSE-SU-2022:1524-1 Security update for apache2-mod_auth_mellon

This update for apache2-modauthmellon fixes the following issues: - CVE-2021-3639: Fixed open Redirect vulnerability in logout URLs bsc1188926...

6.1CVSS6.2AI score0.00752EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/03/29 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2022-1354)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.6AI score0.00752EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/03/28 12:0 a.m.30 views

EulerOS 2.0 SP8 : mod_auth_mellon (EulerOS-SA-2022-1354)

According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate...

6.1CVSS6.1AI score0.00752EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/12/29 12:0 a.m.22 views

Fedora: Security Advisory for mod_auth_mellon (FEDORA-2021-5e033d6641)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1CVSS6.3AI score0.00752EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/10/26 12:0 a.m.12 views

Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2021-2597)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.3AI score0.00752EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/10/25 12:0 a.m.30 views

EulerOS 2.0 SP3 : mod_auth_mellon (EulerOS-SA-2021-2597)

According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate...

6.1CVSS6.1AI score0.00752EPSS
Exploits0References2
Rows per page
Query Builder