Mod Auth Mellon Modauthmellonproject Mod Auth Mellon

By the Year

In 2021 there have been 0 vulnerabilities in Modauthmellonproject Mod Auth Mellon. Mod Auth Mellon did not have any published security vulnerabilities last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 3 | 6.77 |
| 2018 | 0 | 0.00 |

It may take a day or so for new Mod Auth Mellon vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Modauthmellonproject Mod Auth Mellon Security Vulnerabilities

mod_auth_mellon through 0.14.2 has an Open Redirect

CVE-2019-13038 6.1 - Medium - June 29, 2019

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

CVE-2019-13038 is exploitable with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Open Redirect

A vulnerability was found in mod_auth_mellon before v0.14.2

CVE-2019-3877 6.1 - Medium - March 27, 2019

A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while browsers silently convert backslash characters into forward slashes, treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in the apr_uri_parse function.

CVE-2019-3877 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Open Redirect

A vulnerability was found in mod_auth_mellon before v0.14.2

CVE-2019-3878 8.1 - High - March 26, 2019

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

CVE-2019-3878 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Authentication