Lucene search
K
UninettMod Auth Mellon

6 matches found

CVE
CVE
added 2022/08/22 2:49 p.m.172 views

CVE-2021-3639

CVE-2021-3639 affects mod_auth_mellon: a logout URL sanitization flaw could enable phishing by redirecting users from a trusted app to an external, potentially malicious server. Impact via confidentiality and integrity. Patches exist in multiple distributions: Debian LTS shows libapache2-mod-auth...

6.1CVSS5.8AI score0.00752EPSS
CVE
CVE
added 2017/03/13 2:0 p.m.80 views

CVE-2017-6807

CVE-2017-6807 affects mod_auth_mellon prior to 0.13.1, enabling a Cross‑Site Session Transfer where a user’s session cookie from one site on a server can be copied to another site on the same server to gain access. Public disclosures and vendor advisories (e.g., Ubuntu USN-4597-1, various Nessus/...

6.1CVSS6.2AI score0.01068EPSS
CVE
CVE
added 2016/04/15 2:0 p.m.63 views

CVE-2016-2145

CVE-2016-2145 affects mod_auth_mellon before 0.11.1: am_read_post_data does not check ap_get_client_block for errors, enabling DoS via crafted POST data (segfaults/process crashes). Affected products/versions include Red Hat/EulerOS advisories; recommended mitigation is upgrading to at least 0.13...

7.5CVSS7.1AI score0.03065EPSS
CVE
CVE
added 2014/11/14 3:0 p.m.60 views

CVE-2014-8567

CVE-2014-8567 affects the mod_auth_mellon module for Apache (pre-0.8.1). A crafted logout request can trigger a read of uninitialized data, leading to an Apache HTTP server denial-of-service (crash). Public sources consistently describe the issue and its impact as a DoS via logout handling. The v...

9.4CVSS6.3AI score0.03588EPSS
CVE
CVE
added 2016/04/15 2:0 p.m.57 views

CVE-2016-2146

CVE-2016-2145/2146 affect mod_auth_mellon prior to 0.11.1: am_read_post_data does not limit/validate POST data, enabling DoS (worker crash, deadlock, memory consumption). Debug/impact: remote attacker can exploit by sending large POST payloads. Affected product: mod_auth_mellon (web authenticatio...

7.5CVSS7.2AI score0.03397EPSS
CVE
CVE
added 2014/11/15 9:0 p.m.49 views

CVE-2014-8566

CVE-2014-8566 affects the mod_auth_mellon module prior to version 0.8.1. The root cause is a session handling flaw where sessions overlap in memory, described as a “session overflow,” which can allow remote attackers to disclose sensitive information or trigger a denial of service (segmentation f...

6.4CVSS6.4AI score0.02731EPSS