Mod Auth Mellon

mod_auth_mellon

Vendor: Uninett • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-3639 1Uninett 1Mod Auth Mellon Nov 21, 2024 Aug 22, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL th...Show more A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.Show less
CVE-2017-6807 1Uninett 1Mod Auth Mellon May 13, 2026 Mar 13, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server t...Show more mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.Show less
CVE-2016-2146 2Fedoraproject Uninett 2Fedora Mod Auth Mellon May 6, 2026 Apr 15, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory con...Show more The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.Show less
CVE-2016-2145 2Fedoraproject Uninett 2Fedora Mod Auth Mellon May 6, 2026 Apr 15, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and proc...Show more The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.Show less
CVE-2014-8566 2Oracle Uninett 2Linux Mod Auth Mellon May 6, 2026 Nov 15, 2014 N/A· v4 N/A· v3 6.4 MEDIUM· v2 The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "session...Show more The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."Show less
CVE-2014-8567 2Redhat Uninett 7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+4 more May 6, 2026 Nov 14, 2014 N/A· v4 N/A· v3 9.4 HIGH· v2 The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.