Описание
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.
Ссылки
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
EPSS
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.
A flaw was found in mod_auth_mellon where it does not sanitize logout ...
EPSS
6.1 Medium
CVSS3