what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2019-3877

Status Candidate

Overview

A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.

Related Files

Ubuntu Security Notice USN-4597-1
Posted Oct 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4597-1 - Fran

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-6807, CVE-2019-3877, CVE-2019-3878
SHA-256 | 09336a49eed8cd5c0c22be259e0560889f364e68a7dd2c5b8ffd80faaa76229c
Red Hat Security Advisory 2019-3421-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3421-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. An open redirect was addressed.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2019-3877
SHA-256 | 6a26ede9753d5731c94a12f7cfb73d5bd2224376a87ee226ecad49d4b5af77f6
Red Hat Security Advisory 2019-0766-01
Posted Apr 16, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0766-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include a bypass vulnerability.

tags | advisory, web, protocol, bypass
systems | linux, redhat
advisories | CVE-2019-3877, CVE-2019-3878
SHA-256 | 012f4ad04dfc61c3c09c658d481c74c8f64bfaf993d2963c62ffa6799022add7
Ubuntu Security Notice USN-3924-1
Posted Mar 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3924-1 - It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-3877, CVE-2019-3878
SHA-256 | 050440098b7905b5366401174e130c5f5be982facf561860a0ad8199296d78ed
Debian Security Advisory 4414-1
Posted Mar 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4414-1 - Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication.

tags | advisory
systems | linux, debian
advisories | CVE-2019-3877, CVE-2019-3878
SHA-256 | 52726faf9972bdc40520b09e2dba843e9c6c6e50405257ad5e1b837a3c5deaa6
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close