Skip to main content

Mod Auth Mellon

8 CVEs product

Monthly

CVE-2019-13038 MEDIUM PATCH This Month

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Mod Auth Mellon Zfs Storage Appliance Kit Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2019-3877 MEDIUM PATCH This Month

A vulnerability was found in mod_auth_mellon before v0.14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Mod Auth Mellon Fedora Enterprise Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
2.1%
CVE-2019-3878 HIGH POC PATCH This Week

A vulnerability was found in mod_auth_mellon before v0.14.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Apache Mod Auth Mellon Fedora Enterprise Linux +7
NVD GitHub
CVSS 3.0
8.1
EPSS
3.0%
CVE-2017-6807 MEDIUM PATCH This Month

mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mod Auth Mellon
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-2146 HIGH PATCH This Week

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Fedora Mod Auth Mellon
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-2145 HIGH PATCH This Week

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Mod Auth Mellon
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2014-8566 MEDIUM PATCH This Month

The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Information Disclosure Mod Auth Mellon Linux
NVD GitHub
CVSS 2.0
6.4
EPSS
0.9%
CVE-2014-8567 CRITICAL Act Now

The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apache Mod Auth Mellon Enterprise Linux Desktop Enterprise Linux Server +4
NVD GitHub
CVSS 2.0
9.4
EPSS
3.6%
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Mod Auth Mellon Zfs Storage Appliance Kit +2
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

A vulnerability was found in mod_auth_mellon before v0.14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Mod Auth Mellon Fedora +2
NVD GitHub
EPSS 3% CVSS 8.1
HIGH POC PATCH This Week

A vulnerability was found in mod_auth_mellon before v0.14.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Apache Mod Auth Mellon +9
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mod Auth Mellon
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Fedora +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Mod Auth Mellon
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Information Disclosure Mod Auth Mellon +1
NVD GitHub
EPSS 4% CVSS 9.4
CRITICAL Act Now

The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apache Mod Auth Mellon +6
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy