[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2020-1331 --- mod_auth_mellon mod24_auth_mellon

ID: oval:org.secpod.oval:def:1601089Date: (C)2020-01-14   (M)2023-11-10
Class: PATCHFamily: unix




mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

Platform:
Amazon Linux AMI
Product:
mod_auth_mellon
mod24_auth_mellon
Reference:
ALAS-2020-1331
CVE-2019-13038
CVE    1
CVE-2019-13038
CPE    3
cpe:/o:amazon:linux
cpe:/a:mod_auth_mellon:mod_auth_mellon
cpe:/a:mod24_auth_mellon:mod24_auth_mellon

© SecPod Technologies