Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : mod_auth_mellon-0.14.0-8.el7 (AXSA:2020-4541:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4541:01 advisory. modauthmellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft CVE-2019-13038 Tenable has extracted the preceding...

6.1CVSS7.8AI score0.01423EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : mod_auth_mellon-0.14.0-12.el8.1 (AXSA:2022-3531:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3531:01 advisory. modauthmellon: Open Redirect vulnerability in logout URLs CVE-2021-3639 Tenable has extracted the preceding description block directly from the MiracleLinux...

6.1CVSS5.6AI score0.00752EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/05/10 2:2 p.m.4 views

mod_auth_mellon: Open Redirect vulnerability in logout URLs

A flaw was found in modauthmellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...

6.1CVSS5.7AI score0.00752EPSS
Exploits0References4
OSV
OSV
added 2020/10/22 12:47 p.m.7 views

USN-4597-1 libapache2-mod-auth-mellon vulnerabilities

François Kooman discovered that modauthmellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfer attack. CVE-2017-6807 It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to...

8.1CVSS6.8AI score0.02969EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2019/06/20 12:0 a.m.3 views

PT-2019-5693 · Apache +3 · Mod Auth Mellon +4

Name of the Vulnerable Software and Affected Versions: mod auth mellon versions 0.14.2 and earlier Description: The issue is related to an Open Redirect via the login?ReturnTo= substring. This can be exploited by omitting the // after http: in the target URL, allowing a remote attacker to redirec...

6.4CVSS6.5AI score0.01423EPSS
Exploits0References36
OSV
OSV
added 2019/03/21 12:0 a.m.4 views

UBUNTU-CVE-2019-3878

A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS7.2AI score0.02969EPSS
Exploits1References5
OSV
OSV
added 2017/03/13 2:59 p.m.1 views

DEBIAN-CVE-2017-6807

modauthmellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site...

6.1CVSS6.6AI score0.01068EPSS
Exploits0References1
Rows per page
Query Builder