2 matches found
CVE-2021-3639
CVE-2021-3639 affects mod_auth_mellon: a logout URL sanitization flaw could enable phishing by redirecting users from a trusted app to an external, potentially malicious server. Impact via confidentiality and integrity. Patches exist in multiple distributions: Debian LTS shows libapache2-mod-auth...
CVE-2014-8567
CVE-2014-8567 affects the mod_auth_mellon module for Apache (pre-0.8.1). A crafted logout request can trigger a read of uninitialized data, leading to an Apache HTTP server denial-of-service (crash). Public sources consistently describe the issue and its impact as a DoS via logout handling. The v...