Information Exposure

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Information Exposure via the SAML ECP endpoint when specially crafted SOAP requests are sent with varying...

EUVD-2019-13489

Malware in sbrugna...

Advisory ROSA-SA-2021-1921

Software: modauthmellon 0.14.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-3878 CVE-Crit: HIGH CVE-DESC: A vulnerability was discovered in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy server and modauthmellon is configured to allow only authenticated users with the require...

CVE-2019-3878

A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP non-browser based...

NewStart CGSL CORE 5.04 / MAIN 5.04 : mod_auth_mellon Multiple Vulnerabilities (NS-SA-2019-0077)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has modauthmellon packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass throug...

Amazon Linux 2 : mod_auth_mellon (ALAS-2019-1200)

A vulnerability was found in a previous version of modauthmellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute...

Authentication Bypass

modauthmellon is vulnerable to authentication bypass. Remote unauthenticated attackers could bypass the authentication mechanism via HTTP headers that are normally used to start the special SAML ECP...

mod_auth_mellon: authentication bypass in ECP flow

A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP non-browser based...

Amazon Linux AMI : mod24_auth_mellon (ALAS-2019-1200)

A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP non-browser based...

Important: mod24_auth_mellon

Issue Overview: A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

CVE-2019-3878

A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

Authentication flaw

A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

CVE-2019-3878

A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

CVE-2019-3878

The CVE-2019-3878 issue affects mod_auth_mellon for Apache before v0.14.2. When Apache runs as a reverse proxy and mod_auth_mellon is set to require valid-user, an attacker can bypass authentication by sending specific HTTP headers used in SAML ECP (non-browser) flows. The connected advisories in...

CVE-2019-3878

A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

[SECURITY] [DSA 4414-1] libapache2-mod-auth-mellon security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4414-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst March 23, 2019 https://www.debian.org/security/faq -...