Product:

Mod_auth_mellon

(Uninett)
Repositories https://github.com/UNINETT/mod_auth_mellon
#Vulnerabilities 6
Date Id Summary Products Score Patch Annotated
2022-08-22 CVE-2021-3639 A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity. Mod_auth_mellon 6.1
2014-11-15 CVE-2014-8566 The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory." Linux, Mod_auth_mellon N/A
2014-11-14 CVE-2014-8567 The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data. Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Mod_auth_mellon N/A
2017-03-13 CVE-2017-6807 mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. Mod_auth_mellon 6.1
2016-04-15 CVE-2016-2146 The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data. Fedora, Mod_auth_mellon 7.5
2016-04-15 CVE-2016-2145 The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data. Fedora, Mod_auth_mellon 7.5