Download
| Alert*
|
oval:org.secpod.oval:def:1600995
mod24_auth_mellon is installed oval:org.secpod.oval:def:1601089 mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. oval:org.secpod.oval:def:1600994 A vulnerability was found in mod_auth_mellon. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users , adding special HTTP headers that are normally used to start the special SAML ECP can be used to bypass authentication. A vulnerability ... |
