Download
| Alert*
oval:org.secpod.oval:def:54105
libapache2-mod-auth-mellon: SAML 2.0 authentication module for Apache Several security issues were fixed in mod_auth_mellon. oval:org.secpod.oval:def:67189 libapache2-mod-auth-mellon: SAML 2.0 authentication module for Apache Several security issues were fixed in mod_auth_mellon. oval:org.secpod.oval:def:66429 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: authentication bypass in ECP flow ... oval:org.secpod.oval:def:70621 Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication. CVE-2019-3877 It was possible to bypass the redirect URL checking on logout, so the module could be used as an open redirect facility. CVE-2019-3878 When mod_auth_mellon is used in an Apache con ... oval:org.secpod.oval:def:1600994 A vulnerability was found in mod_auth_mellon. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users , adding special HTTP headers that are normally used to start the special SAML ECP can be used to bypass authentication. A vulnerability ... oval:org.secpod.oval:def:116192 The mod_auth_mellon module is an authentication service that implements the SAML 2.0 federation protocol. It grants access based on the attributes received in assertions generated by a IdP server. oval:org.secpod.oval:def:205187 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: authentication bypass in ECP flow ... oval:org.secpod.oval:def:502653 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: authentication bypass in ECP flow ... oval:org.secpod.oval:def:705715 libapache2-mod-auth-mellon: SAML 2.0 authentication module for Apache Several security issues were fixed in mod_auth_mellon. oval:org.secpod.oval:def:1502488 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:603832 Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication. CVE-2019-3877 It was possible to bypass the redirect URL checking on logout, so the module could be used as an open redirect facility. CVE-2019-3878 When mod_auth_mellon is used in an Apache con ... oval:org.secpod.oval:def:502641 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: authentication bypass in ECP flow ... oval:org.secpod.oval:def:1700169 A vulnerability was found in a previous version of mod_auth_mellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute UR ... oval:org.secpod.oval:def:1502611 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:704854 libapache2-mod-auth-mellon: SAML 2.0 authentication module for Apache Several security issues were fixed in mod_auth_mellon. oval:org.secpod.oval:def:505035 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Security Fix: * httpd: privilege escalation from modules scripts * mod_auth_mellon: authent ... |