Uninett Mod Auth Mellon vulnerabilities

8 known vulnerabilities affecting uninett/mod_auth_mellon.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 4

Vulnerabilities

CVE-2021-3639 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 0.18.0 | 2022-08-22
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this vulnerability is to confidentiality and integrity.
Sources: nvd
CVE-2019-3877 | MEDIUM | CVSS 6.1 | CWE-601 | before v0.14.2 | 2019-03-27
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while browsers silently convert backslash characters into forward slashes and treat the result as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation.
Sources: cvelistv5, nvd
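The two logout open redirects above (CVE-2019-3877 and CVE-2021-3639) come down to validating the redirect target as the C string the server received, while the browser interprets the same string differently. The following C is an added example and is not mod_auth_mellon's own validation code: it shows an illustrative validator that accepts any target with a single leading slash as a relative path, and a hardened one that first canonicalises the way browsers do (backslash becomes slash) and refuses control characters before applying the same policy. The ALLOWED_HOSTS allow-list stands in for a MellonRedirectDomains-style setting and is an assumption, as is the probe URL.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_URL 2048

/* Hypothetical allow-list of hosts a logout may redirect to; plays the role
 * of a MellonRedirectDomains-style setting (assumption, not the module's
 * data structure). */
static const char *const ALLOWED_HOSTS[] = { "sp.example.org", NULL };

static bool host_allowed(const char *host, size_t len)
{
    for (size_t i = 0; ALLOWED_HOSTS[i] != NULL; i++) {
        if (strlen(ALLOWED_HOSTS[i]) == len &&
            strncasecmp(ALLOWED_HOSTS[i], host, len) == 0)
            return true;
    }
    return false;
}

/* Shared policy: a path on this host is fine, an absolute URL is fine only
 * if its host is allow-listed, anything else is rejected. On its own this
 * is the logic the backslash trick defeats: "/\evil.example" does not look
 * like "//evil.example" to string code, but it does to a browser. */
static bool check_redirect(const char *url)
{
    if (url[0] == '/')
        return url[1] != '/';       /* "/path" ok; "//host/..." is protocol-relative */
    const char *sep = strstr(url, "://");
    if (sep == NULL)
        return false;               /* neither a path nor scheme://host */
    const char *host = sep + 3;
    size_t host_len = strcspn(host, "/?#");
    return host_allowed(host, host_len);
}

/* Illustrative pre-fix behaviour: validate the string exactly as received. */
bool naive_redirect_ok(const char *url)
{
    return check_redirect(url);
}

/* Hardened behaviour: canonicalise the way a browser will before deciding.
 * Backslashes are treated as slashes (so "/\evil" becomes "//evil" and is
 * rejected as protocol-relative), control characters and over-long input
 * are refused outright. */
bool hardened_redirect_ok(const char *url)
{
    char canon[MAX_URL];
    size_t i;
    for (i = 0; url[i] != '\0'; i++) {
        unsigned char c = (unsigned char)url[i];
        if (i == MAX_URL - 1 || c < 0x20 || c == 0x7f)
            return false;
        canon[i] = (c == '\\') ? '/' : (char)c;
    }
    canon[i] = '\0';
    return check_redirect(canon);
}

int main(void)
{
    /* Constructed probe: what a phishing link would carry as the return URL. */
    const char *probe = "/\\evil.example/login";
    printf("%s  naive=%d  hardened=%d\n", probe,
           naive_redirect_ok(probe), hardened_redirect_ok(probe));
    return 0;
}
```

The point of canonicalising first is that the check then sees the URL the way the user agent will; rejecting backslashes alone closes this specific trick, but normalising keeps the policy in one place if further browser-side rewrites turn up.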
CVE-2019-3878 | HIGH | CVSS 8.1 | CWE-305 | before v0.14.2 | 2019-03-26
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding the special HTTP headers that are normally used to start the SAML ECP (Enhanced Client or Proxy, non-browser) flow can be used to bypass authentication.
Sources: cvelistv5, nvd
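CVE-2019-3878 is triggered by a request that merely claims to be an ECP client. The function below is an added example, not anything from mod_auth_mellon: it scans a raw HTTP header block for the two markers the SAML 2.0 ECP profile uses to open a PAOS exchange, an Accept value containing application/vnd.paos+xml and a PAOS header naming the ECP profile URN. On an unpatched reverse-proxy deployment, both markers on a request to a require valid-user location that is not meant to serve ECP clients is what to alert on; legitimately enabled ECP clients will of course send the same headers, so the rule has to be scoped to paths where ECP is not expected. The two sample requests are constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_LINE 1024

/* Markers from the SAML 2.0 ECP profile / PAOS binding. Both are kept
 * lower-case because header lines are case-folded before matching. */
static const char PAOS_MEDIA_TYPE[] = "application/vnd.paos+xml";
static const char ECP_PROFILE_URN_LC[] = "urn:oasis:names:tc:saml:2.0:profiles:sso:ecp";

/* Copy one header line (up to CR/LF or end of input) into buf, lower-cased,
 * and return a pointer to the start of the next line. */
static const char *next_header(const char *p, char *buf, size_t bufsz)
{
    size_t len = strcspn(p, "\r\n");
    size_t i, n = len < bufsz - 1 ? len : bufsz - 1;
    for (i = 0; i < n; i++)
        buf[i] = (char)tolower((unsigned char)p[i]);
    buf[n] = '\0';
    p += len;
    while (*p == '\r' || *p == '\n')
        p++;
    return p;
}

/* True if the lower-cased header line is "name:" followed by a value that
 * contains needle (needle must already be lower-case). */
static bool header_contains(const char *line, const char *name, const char *needle)
{
    size_t n = strlen(name);
    if (strncmp(line, name, n) != 0 || line[n] != ':')
        return false;
    return strstr(line + n + 1, needle) != NULL;
}

/* Returns true when a CRLF-separated header block carries both ECP markers,
 * i.e. the request is asking to be handled as a PAOS/ECP client. */
bool request_claims_ecp(const char *headers)
{
    bool accept_paos = false, paos_hdr = false;
    char line[MAX_LINE];
    const char *p = headers;
    while (*p != '\0') {
        p = next_header(p, line, sizeof line);
        if (line[0] == '\0')
            continue;                       /* empty line, nothing to match */
        if (header_contains(line, "accept", PAOS_MEDIA_TYPE))
            accept_paos = true;
        else if (header_contains(line, "paos", ECP_PROFILE_URN_LC))
            paos_hdr = true;
    }
    return accept_paos && paos_hdr;
}

/* Constructed sample: an ECP-style probe against a proxied path. */
static const char ECP_PROBE[] =
    "Host: app.example.org\r\n"
    "Accept: text/html; application/vnd.paos+xml\r\n"
    "PAOS: ver=\"urn:liberty:paos:2003-08\";\"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp\"\r\n"
    "User-Agent: curl/7.64.0\r\n";

/* Constructed sample: an ordinary browser request to the same path. */
static const char BROWSER_REQUEST[] =
    "Host: app.example.org\r\n"
    "Accept: text/html,application/xhtml+xml\r\n"
    "User-Agent: Mozilla/5.0\r\n";

int main(void)
{
    printf("ECP probe claims ECP: %d\n", request_claims_ecp(ECP_PROBE));
    printf("browser claims ECP:   %d\n", request_claims_ecp(BROWSER_REQUEST));
    return 0;
}
```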
CVE-2017-6807 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 0.13.0 | 2017-03-13
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.
Sources: nvd
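The cross-site session transfer in CVE-2017-6807 works because a session in the shared store is identified only by its token, so the same cookie value is honoured by every site on the server. The C below is an added illustration, not mod_auth_mellon's cache code: a tiny shared session store, a parser that pulls a named cookie out of a Cookie header value, and two lookups, one that ignores which site issued the session and one that refuses a session presented under a different site's cookie. The two cookie names, the store contents and the forged request are constructed; that each vhost has its own cookie name is an assumption made to keep the binding visible.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed shared store: one httpd, two vhosts, each with its own
 * cookie name, all sessions in one table. */
typedef struct {
    const char *token;        /* session identifier carried in the cookie */
    const char *cookie_name;  /* cookie (and so site) the session was issued under */
    const char *user;
} session_t;

static const session_t STORE[] = {
    { "a1b2c3d4e5f60718293a4b5c6d7e8f90", "mellon-intranet", "alice" },
    { "0f1e2d3c4b5a69788796a5b4c3d2e1f0", "mellon-hr",       "bob"   },
};
#define STORE_LEN (sizeof STORE / sizeof STORE[0])

/* Extract the value of cookie `name` from a Cookie header value such as
 * "a=1; mellon-hr=abc; b=2". Copies into out; returns false if absent. */
bool cookie_value(const char *header, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *p = header;
    while (*p != '\0') {
        while (*p == ' ' || *p == ';')
            p++;
        size_t seglen = strcspn(p, ";");
        if (seglen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            size_t vlen = seglen - nlen - 1;
            if (vlen >= outsz)
                return false;
            memcpy(out, p + nlen + 1, vlen);
            out[vlen] = '\0';
            return true;
        }
        p += seglen;
    }
    return false;
}

/* Illustrative pre-fix lookup: any token in the store is accepted by any
 * site, so a user who pastes their cookie into the other vhost gets in. */
const char *naive_lookup(const char *cookie_name, const char *token)
{
    (void)cookie_name;
    for (size_t i = 0; i < STORE_LEN; i++)
        if (strcmp(STORE[i].token, token) == 0)
            return STORE[i].user;
    return NULL;
}

/* Bound lookup: the session is only valid for the site whose cookie it was
 * issued under. */
const char *bound_lookup(const char *cookie_name, const char *token)
{
    for (size_t i = 0; i < STORE_LEN; i++)
        if (strcmp(STORE[i].token, token) == 0 &&
            strcmp(STORE[i].cookie_name, cookie_name) == 0)
            return STORE[i].user;
    return NULL;
}

/* Resolve the user for a request to the site whose cookie is `site_cookie`,
 * given the request's Cookie header value; strict selects the bound lookup. */
const char *resolve_session_user(const char *site_cookie, const char *cookie_header, bool strict)
{
    char token[128];
    if (!cookie_value(cookie_header, site_cookie, token, sizeof token))
        return NULL;
    return strict ? bound_lookup(site_cookie, token)
                  : naive_lookup(site_cookie, token);
}

int main(void)
{
    /* Constructed attack: alice presents her intranet token as the HR site's cookie. */
    const char *forged = "mellon-hr=a1b2c3d4e5f60718293a4b5c6d7e8f90";
    const char *n = resolve_session_user("mellon-hr", forged, false);
    const char *b = resolve_session_user("mellon-hr", forged, true);
    printf("naive: %s  bound: %s\n", n ? n : "(denied)", b ? b : "(denied)");
    return 0;
}
```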
CVE-2016-2146 | HIGH | CVSS 7.5 | CWE-119 | ≤ 0.11.0 | 2016-04-15
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.
Sources: nvd
CVE-2016-2145 | HIGH | CVSS 7.5 | CWE-20 | ≤ 0.11.0 | 2016-04-15
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via crafted POST data.
Sources: nvd
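CVE-2016-2146 and CVE-2016-2145 are two mistakes in the same read loop: the amount read is never capped, and the return value of ap_get_client_block is not checked for errors, so a -1 is treated as a byte count. The C below is an added example and not the module's am_read_post_data. It drives the same loop shape from an in-memory stand-in for ap_get_client_block (the real call takes the request_rec and is not used here, so the example runs without httpd) with both checks in place: a negative return aborts the read, and the buffer is never grown past a hard ceiling, with an end-of-body probe so a body of exactly the limit is still accepted. The body sizes in the demo are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* In-memory stand-in for the client side of ap_get_client_block(): returns
 * bytes copied, 0 at end of body, or -1 on a read error. */
typedef struct {
    const char *data;
    size_t remaining;
    bool fail;                 /* simulate a broken connection */
} fake_client_t;

static long fake_get_client_block(fake_client_t *c, char *buf, size_t len)
{
    if (c->fail)
        return -1;
    if (c->remaining == 0)
        return 0;
    size_t n = c->remaining < len ? c->remaining : len;
    memcpy(buf, c->data, n);
    c->data += n;
    c->remaining -= n;
    return (long)n;
}

enum { POST_OK = 0, POST_TOO_LARGE, POST_READ_ERROR, POST_NO_MEMORY };

/* Read the whole request body into a NUL-terminated heap buffer (*out,
 * caller frees), refusing more than max_len bytes and surfacing read
 * failures instead of treating -1 as a length. */
int read_post_data(fake_client_t *c, size_t max_len, char **out, size_t *out_len)
{
    size_t cap = max_len < 4096 ? max_len : 4096;
    size_t used = 0;
    char *buf = malloc(cap + 1);
    if (buf == NULL)
        return POST_NO_MEMORY;

    for (;;) {
        if (used == cap) {
            if (cap >= max_len) {
                /* At the ceiling: any further byte means the body is too big. */
                char probe;
                long n = fake_get_client_block(c, &probe, 1);
                if (n < 0) { free(buf); return POST_READ_ERROR; }
                if (n > 0) { free(buf); return POST_TOO_LARGE; }
                break;
            }
            size_t new_cap = cap * 2 < max_len ? cap * 2 : max_len;
            char *nb = realloc(buf, new_cap + 1);
            if (nb == NULL) { free(buf); return POST_NO_MEMORY; }
            buf = nb;
            cap = new_cap;
        }
        long n = fake_get_client_block(c, buf + used, cap - used);
        if (n < 0) { free(buf); return POST_READ_ERROR; }   /* the missing check */
        if (n == 0)
            break;
        used += (size_t)n;
    }
    buf[used] = '\0';
    *out = buf;
    *out_len = used;
    return POST_OK;
}

/* Run read_post_data over a constructed body of body_len 'x' bytes. Stores
 * the status in *status and returns the bytes accepted (0 unless POST_OK). */
static size_t run_synthetic(size_t body_len, size_t max_len, bool fail, int *status)
{
    char *body = malloc(body_len + 1);
    if (body == NULL) { *status = POST_NO_MEMORY; return 0; }
    memset(body, 'x', body_len);
    body[body_len] = '\0';
    fake_client_t client = { body, body_len, fail };
    char *out = NULL;
    size_t out_len = 0;
    *status = read_post_data(&client, max_len, &out, &out_len);
    free(out);
    free(body);
    return *status == POST_OK ? out_len : 0;
}

int synthetic_status(size_t body_len, size_t max_len, bool fail)
{
    int rc;
    run_synthetic(body_len, max_len, fail, &rc);
    return rc;
}

size_t synthetic_accepted(size_t body_len, size_t max_len)
{
    int rc;
    return run_synthetic(body_len, max_len, false, &rc);
}

int main(void)
{
    printf("7 bytes, limit 1024:     status %d\n", synthetic_status(7, 1024, false));
    printf("5000 bytes, limit 4096:  status %d\n", synthetic_status(5000, 4096, false));
    printf("read error:              status %d\n", synthetic_status(7, 1024, true));
    return 0;
}
```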
CVE-2014-8566 | MEDIUM | CVSS 6.4 | CWE-200 | ≤ 0.8.0 | 2014-11-15
The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."
Sources: nvd
CVE-2014-8567 | CRITICAL | CVSS 9.4 | CWE-399 | fixed in 0.8.1 | 2014-11-14
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
Sources: nvd