Modauthmellonproject Mod Auth Mellon
By the Year
In 2021 there have been 0 vulnerabilities in Modauthmellonproject Mod Auth Mellon. Mod Auth Mellon did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 3 | 6.77 |
2018 | 0 | 0.00 |
It may take a day or so for new Mod Auth Mellon vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.
Latest Modauthmellonproject Mod Auth Mellon Security Vulnerabilities
mod_auth_mellon through 0.14.2 has an Open Redirect
CVE-2019-13038
6.1 - Medium
- June 29, 2019
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
CVE-2019-13038 is exploitable with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be small for confidentiality and integrity, with no impact on availability.
Open Redirect
A vulnerability was found in mod_auth_mellon before v0.14.2
CVE-2019-3877
6.1 - Medium
- March 27, 2019
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through because the URL is assumed to be relative, while browsers silently convert backslash characters into forward slashes and treat it as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in the apr_uri_parse function.
CVE-2019-3877 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be small for confidentiality and integrity, with no impact on availability.
Open Redirect
A vulnerability was found in mod_auth_mellon before v0.14.2
CVE-2019-3878
8.1 - High
- March 26, 2019
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.
CVE-2019-3878 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Authentication