Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Mod Auth Mellon Project Security Vulnerabilities

cve
cve

CVE-2019-3877

A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL....

6.1CVSS

6.6AI Score

0.002EPSS

2019-03-27 01:29 PM
53
cve
cve

CVE-2019-3878

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML...

8.1CVSS

7.7AI Score

0.018EPSS

2019-03-26 06:29 PM
78
cve
cve

CVE-2019-13038

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target...

6.1CVSS

6.2AI Score

0.003EPSS

2019-06-29 02:15 PM
96
4