Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-3878

Опубликовано: 26 мар. 2019
Источник: debian

Описание

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libapache2-mod-auth-mellonfixed0.14.2-1package
libapache2-mod-auth-mellonnot-affectedjessiepackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=1576719

  • https://github.com/Uninett/mod_auth_mellon/pull/196

  • https://github.com/Uninett/mod_auth_mellon/commit/e09a28a30e13e5c22b481010f26b4a7743a09280

Связанные уязвимости

ubuntu логотип

CVE-2019-3878

CVSS3: 8.1
ubuntu
почти 7 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

redhat логотип

CVE-2019-3878

CVSS3: 8.1
redhat
больше 7 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

nvd логотип

CVE-2019-3878

CVSS3: 8.1
nvd
почти 7 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

github логотип

GHSA-6gx9-985p-w8c8

CVSS3: 8.1
github
больше 3 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

oracle-oval логотип

ELSA-2019-0985

oracle-oval
больше 6 лет назад

ELSA-2019-0985: mod_auth_mellon security update (IMPORTANT)