Описание
ELSA-2020-1660: mod_auth_mellon security and bug fix update (MODERATE)
[0.14.0-11]
- Resolves: rhbz#1731053 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft [rhel-8]
[0.14.0-10]
- Resolves: rhbz#1761774 - mod_auth_mellon fix for AJAX header name X-Requested-With
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
mod_auth_mellon
0.14.0-11.el8
mod_auth_mellon-diagnostics
0.14.0-11.el8
Oracle Linux x86_64
mod_auth_mellon
0.14.0-11.el8
mod_auth_mellon-diagnostics
0.14.0-11.el8
Связанные CVE
Связанные уязвимости
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?Retu ...
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.