Mod Auth Mellon Modauthmellonproject Mod Auth Mellon

By the Year

In 2024 there have been 0 vulnerabilities in Modauthmellonproject Mod Auth Mellon. Mod Auth Mellon did not have any published security vulnerabilities last year.

Year | Vulnerabilities | Average Score
2024 | 0 | 0.00
2023 | 0 | 0.00
2022 | 0 | 0.00
2021 | 0 | 0.00
2020 | 0 | 0.00
2019 | 3 | 6.77
2018 | 0 | 0.00

It may take a day or so for new Mod Auth Mellon vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Modauthmellonproject Mod Auth Mellon Security Vulnerabilities

mod_auth_mellon through 0.14.2 has an Open Redirect

CVE-2019-13038 6.1 - Medium - June 29, 2019

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

Open Redirect

A vulnerability was found in mod_auth_mellon before v0.14.2

CVE-2019-3877 6.1 - Medium - March 27, 2019

A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through because they are assumed to be relative URLs, while browsers silently convert backslash characters into forward slashes and treat them as absolute URLs. This mismatch allows an attacker to bypass the redirect URL validation logic in the apr_uri_parse function.

Open Redirect

A vulnerability was found in mod_auth_mellon before v0.14.2

CVE-2019-3878 8.1 - High - March 26, 2019

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

Authentication
