Download
| Alert*
oval:org.secpod.oval:def:503404
The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: open redirect in logout url when u ... oval:org.secpod.oval:def:66467 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: open redirect in logout url when u ... oval:org.secpod.oval:def:110317 The mod_auth_mellon module is an authentication service that implements the SAML 2.0 federation protocol. It grants access based on the attributes received in assertions generated by a IdP server. oval:org.secpod.oval:def:66429 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: authentication bypass in ECP flow ... oval:org.secpod.oval:def:203482 mod_auth_mellon is installed oval:org.secpod.oval:def:1500799 An updated mod_auth_mellon package that fixes two security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1600850 Cross-site session transfer vulnerability:It was found that mod_auth_mellon was vulnerable to a cross-site session transfer attack. An attacker with access to one web site on a server could use the same session to get access to a different site running on the same server oval:org.secpod.oval:def:121377 The mod_auth_mellon module is an authentication service that implements the SAML 2.0 federation protocol. It grants access based on the attributes received in assertions generated by a IdP server. oval:org.secpod.oval:def:503629 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: Open Redirect via the login?Return ... oval:org.secpod.oval:def:1505663 [0.14.0-12.1] - Resolves: rhbz#1986805 - CVE-2021-3639 mod_auth_mellon: Open Redirect vulnerability in logout URLs [rhel-8] oval:org.secpod.oval:def:203480 mod_auth_mellon provides a SAML 2.0 authentication module for the Apache HTTP Server. An information disclosure flaw was found in mod_auth_mellon"s session handling that could lead to sessions overlapping in memory. A remote attacker could potentially use this flaw to obtain data from another user"s ... oval:org.secpod.oval:def:501446 mod_auth_mellon provides a SAML 2.0 authentication module for the Apache HTTP Server. An information disclosure flaw was found in mod_auth_mellon"s session handling that could lead to sessions overlapping in memory. A remote attacker could potentially use this flaw to obtain data from another user"s ... oval:org.secpod.oval:def:1601089 mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. oval:org.secpod.oval:def:116192 The mod_auth_mellon module is an authentication service that implements the SAML 2.0 federation protocol. It grants access based on the attributes received in assertions generated by a IdP server. oval:org.secpod.oval:def:205495 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: Open Redirect via the login?Return ... oval:org.secpod.oval:def:1700347 mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL oval:org.secpod.oval:def:2500073 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. oval:org.secpod.oval:def:205187 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: authentication bypass in ECP flow ... oval:org.secpod.oval:def:502641 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: authentication bypass in ECP flow ... oval:org.secpod.oval:def:1700169 A vulnerability was found in a previous version of mod_auth_mellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute UR ... oval:org.secpod.oval:def:502653 The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fix: * mod_auth_mellon: authentication bypass in ECP flow ... oval:org.secpod.oval:def:1502488 The advisory is missing the security advisory description. For more information please visit the reference link |