Lucene search
+L

72 matches found

veracode
veracode
added 2022/02/12 12:41 a.m.28 views

Privilege Escalation

keycloak is vulnerable to privilege escalation. The vulnerability exists due to a flaw in the default ECP binding flow which allows other authentication flows to be bypassed...

6.8CVSS4AI score0.00874EPSS
Exploits0References7Affected Software1
redhatcve
redhatcve
added 2021/09/24 7:13 a.m.63 views

CVE-2021-3827

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...

6.8CVSS3AI score0.00874EPSS
Exploits0References4
zdi
zdi
added 2021/07/15 12:0 a.m.375 views

Microsoft Exchange Server ECP Authentication Bypass Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication of requests to web services within the ecp web...

6.5CVSS1.2AI score0.97502EPSS
Exploits2References1
rosalinux
rosalinux
added 2021/07/02 5:29 p.m.25 views

Advisory ROSA-SA-2021-1921

Software: modauthmellon 0.14.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-3878 CVE-Crit: HIGH CVE-DESC: A vulnerability was discovered in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy server and modauthmellon is configured to allow only authenticated users with the require...

8.1CVSS6.8AI score0.02969EPSS
Exploits1
attackerkb
attackerkb
added 2021/03/03 12:0 a.m.461 views

CVE-2021-27065

Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: wvu-r7 at March 10, 2021 7:13am UTC reported: When used with CVE-2021-26855, an unauthenticated SSRF, CVE-2021-27065 yields unauthed, SYSTEM-level RCE against a vulnerable Exchange Server. On its own, exploiting thi...

9.8CVSS8.8AI score0.99999EPSS
In wildExploits65References5
metasploit
metasploit
added 2020/02/28 2:57 a.m.152 views

Exchange Control Panel ViewState Deserialization

This module exploits a .NET serialization vulnerability in the Exchange Control Panel ECP web page. The vulnerability is due to Microsoft Exchange Server not randomizing the keys on a per-installation basis resulting in them using the same validationKey and decryptionKey values. With knowledge of...

8.8CVSS0.6AI score0.99965EPSS
Exploits30
githubexploit
githubexploit
added 2020/02/27 2:54 a.m.215 views

Exploit for Improper Authentication in Microsoft

cve-2020-0688 Usage: usage: cve-2020-0688.py -h -s SERVE...

9CVSS8.5AI score0.99965EPSS
Exploits30
redhatcve
redhatcve
added 2019/10/08 5:40 p.m.19 views

CVE-2019-3878

A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP non-browser based...

8.1CVSS1.3AI score0.02969EPSS
Exploits1References2
nessus
nessus
added 2019/08/12 12:0 a.m.28 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : mod_auth_mellon Multiple Vulnerabilities (NS-SA-2019-0077)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has modauthmellon packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass throug...

8.1CVSS6.8AI score0.02969EPSS
Exploits1References3
oraclelinux
oraclelinux
added 2019/07/30 12:0 a.m.39 views

mod_auth_mellon security update

0.14.0-3.2 - Resolves: rhbz1696197 - CVE-2019-3878 modauthmellon: authentication bypass in ECP flow rhel-8.0.0.z...

8.1CVSS3.1AI score0.02969EPSS
Exploits1
nessus
nessus
added 2019/05/21 12:0 a.m.37 views

Amazon Linux 2 : mod_auth_mellon (ALAS-2019-1200)

A vulnerability was found in a previous version of modauthmellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute...

8.1CVSS6.7AI score0.02969EPSS
Exploits1References3
veracode
veracode
added 2019/05/16 3:38 a.m.30 views

Authentication Bypass

modauthmellon is vulnerable to authentication bypass. Remote unauthenticated attackers could bypass the authentication mechanism via HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS8.2AI score0.02969EPSS
Exploits1References13Affected Software4
redhat
redhat
added 2019/05/07 4:20 a.m.5 views

mod_auth_mellon: authentication bypass in ECP flow

A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP non-browser based...

8.1CVSS5.7AI score0.02969EPSS
Exploits1References5
nessus
nessus
added 2019/05/07 12:0 a.m.32 views

Amazon Linux AMI : mod24_auth_mellon (ALAS-2019-1200)

A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP non-browser based...

8.1CVSS6.7AI score0.02969EPSS
Exploits1References3
amazon
amazon
added 2019/05/02 12:0 a.m.131 views

Important: mod24_auth_mellon

Issue Overview: A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS7AI score0.02969EPSS
Exploits1
nessus
nessus
added 2019/05/01 12:0 a.m.28 views

EulerOS 2.0 SP2 : mod_auth_mellon (EulerOS-SA-2019-1319)

According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...

8.1CVSS6.9AI score0.02969EPSS
Exploits1References3
nessus
nessus
added 2019/05/01 12:0 a.m.23 views

EulerOS 2.0 SP3 : mod_auth_mellon (EulerOS-SA-2019-1320)

According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...

8.1CVSS6.9AI score0.02969EPSS
Exploits1References3
mskb
mskb
added 2019/04/09 7:0 a.m.1480 views

Update Rollup 27 for Exchange Server 2010 Service Pack 3

None None...

5.8CVSS6.7AI score0.0229EPSS
Exploits0
prion
prion
added 2019/03/26 6:29 p.m.20 views

Authentication flaw

A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

6.8CVSS7.6AI score0.02969EPSS
Exploits1References9Affected Software10
osv
osv
added 2019/03/26 6:29 p.m.24 views

CVE-2019-3878

A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS6.4AI score0.02969EPSS
Exploits1References9
Rows per page
Query Builder