Description
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libapache2-mod-auth-mellon | fixed | 0.15.0-1 | | package |
| libapache2-mod-auth-mellon | no-dsa | | stretch | package |
| libapache2-mod-auth-mellon | ignored | | jessie | package |
Notes
https://github.com/Uninett/mod_auth_mellon/issues/35#issuecomment-503974885
Related vulnerabilities
ELSA-2020-1660: mod_auth_mellon security and bug fix update (MODERATE)