exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2019-3878

Status Candidate

Overview

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

Related Files

Ubuntu Security Notice USN-4597-1
Posted Oct 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4597-1 - Fran

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-6807, CVE-2019-3877, CVE-2019-3878
SHA-256 | 09336a49eed8cd5c0c22be259e0560889f364e68a7dd2c5b8ffd80faaa76229c
Red Hat Security Advisory 2019-0985-01
Posted May 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0985-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include a bypass vulnerability.

tags | advisory, web, protocol, bypass
systems | linux, redhat
advisories | CVE-2019-3878
SHA-256 | 0125077032659c23bab04ac7f7d1d43fbaa2dd7903083d00b0ea006b173b0fbf
Red Hat Security Advisory 2019-0766-01
Posted Apr 16, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0766-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include a bypass vulnerability.

tags | advisory, web, protocol, bypass
systems | linux, redhat
advisories | CVE-2019-3877, CVE-2019-3878
SHA-256 | 012f4ad04dfc61c3c09c658d481c74c8f64bfaf993d2963c62ffa6799022add7
Red Hat Security Advisory 2019-0746-01
Posted Apr 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0746-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2019-0211, CVE-2019-3878
SHA-256 | 202bd8c08a315a52b0d871b6653eba41c7ffe2586133300b1cfc9f7fb04287e6
Ubuntu Security Notice USN-3924-1
Posted Mar 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3924-1 - It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-3877, CVE-2019-3878
SHA-256 | 050440098b7905b5366401174e130c5f5be982facf561860a0ad8199296d78ed
Debian Security Advisory 4414-1
Posted Mar 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4414-1 - Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication.

tags | advisory
systems | linux, debian
advisories | CVE-2019-3877, CVE-2019-3878
SHA-256 | 52726faf9972bdc40520b09e2dba843e9c6c6e50405257ad5e1b837a3c5deaa6
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close