Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-3878

Опубликовано: 26 мар. 2019
Источник: nvd
CVSS3: 8.1
CVSS3: 8.1
CVSS2: 6.8
EPSS Низкий

Описание

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:mod_auth_mellon_project:mod_auth_mellon:*:*:*:*:*:apache:*:*
Версия до 0.14.2 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

EPSS

Процентиль: 87%
0.03149
Низкий

8.1 High

CVSS3

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-305
CWE-287

Связанные уязвимости

ubuntu логотип

CVE-2019-3878

CVSS3: 8.1
ubuntu
почти 7 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

redhat логотип

CVE-2019-3878

CVSS3: 8.1
redhat
больше 7 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

debian логотип

CVE-2019-3878

CVSS3: 8.1
debian
почти 7 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache ...

github логотип

GHSA-6gx9-985p-w8c8

CVSS3: 8.1
github
больше 3 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

oracle-oval логотип

ELSA-2019-0985

oracle-oval
больше 6 лет назад

ELSA-2019-0985: mod_auth_mellon security update (IMPORTANT)

EPSS

Процентиль: 87%
0.03149
Низкий

8.1 High

CVSS3

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-305
CWE-287