what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2019-3877

Status Candidate

Overview

A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.

Related Files

Ubuntu Security Notice USN-4597-1
Posted Oct 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4597-1 - Fran

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-6807, CVE-2019-3877, CVE-2019-3878
SHA-256 | 09336a49eed8cd5c0c22be259e0560889f364e68a7dd2c5b8ffd80faaa76229c
Red Hat Security Advisory 2019-3421-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3421-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. An open redirect was addressed.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2019-3877
SHA-256 | 6a26ede9753d5731c94a12f7cfb73d5bd2224376a87ee226ecad49d4b5af77f6
Red Hat Security Advisory 2019-0766-01
Posted Apr 16, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0766-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include a bypass vulnerability.

tags | advisory, web, protocol, bypass
systems | linux, redhat
advisories | CVE-2019-3877, CVE-2019-3878
SHA-256 | 012f4ad04dfc61c3c09c658d481c74c8f64bfaf993d2963c62ffa6799022add7
Ubuntu Security Notice USN-3924-1
Posted Mar 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3924-1 - It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-3877, CVE-2019-3878
SHA-256 | 050440098b7905b5366401174e130c5f5be982facf561860a0ad8199296d78ed
Debian Security Advisory 4414-1
Posted Mar 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4414-1 - Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication.

tags | advisory
systems | linux, debian
advisories | CVE-2019-3877, CVE-2019-3878
SHA-256 | 52726faf9972bdc40520b09e2dba843e9c6c6e50405257ad5e1b837a3c5deaa6
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close