CVEs (3)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
4Canonical FedoraprojectMod Auth Mellon Project+1 more4Fedora Mod Auth MellonUbuntu Linux+1 moreNov 21, 2024 Jun 29, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. |
4Canonical FedoraprojectMod Auth Mellon Project+1 more4Enterprise Linux FedoraMod Auth Mellon+1 moreNov 21, 2024 Mar 27, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert...Show more |
4Canonical FedoraprojectMod Auth Mellon Project+1 more10Enterprise Linux Enterprise Linux DesktopEnterprise Linux Server+7 moreNov 21, 2024 Mar 26, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), a...Show more |