CVE-2019-13038

Опубликовано: 20 июн. 2019

Источник: redhat

CVSS3: 6.1

Описание

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	mod_auth_mellon	Out of support scope
Red Hat Software Collections	httpd24-mod_auth_mellon	Will not fix
Red Hat Enterprise Linux 7	mod_auth_mellon	Fixed	RHSA-2020:1003	31.03.2020
Red Hat Enterprise Linux 8	mod_auth_mellon	Fixed	RHSA-2020:1660	28.04.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-601

https://bugzilla.redhat.com/show_bug.cgi?id=1725740mod_auth_mellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2019-13038

CVSS3: 6.1

ubuntu

больше 6 лет назад

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

CVE-2019-13038

CVSS3: 6.1

nvd

больше 6 лет назад

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

CVE-2019-13038

CVSS3: 6.1

debian

больше 6 лет назад

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?Retu ...

GHSA-67h8-fxm4-vr72

CVSS3: 6.1

github

больше 3 лет назад

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

ELSA-2020-1660

oracle-oval

почти 6 лет назад

ELSA-2020-1660: mod_auth_mellon security and bug fix update (MODERATE)

6.1 Medium

CVSS3