Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-3877

Опубликовано: 22 мар. 2019
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6mod_auth_mellonWill not fix
Red Hat Software Collectionshttpd24-mod_auth_mellonWill not fix
Red Hat Enterprise Linux 7mod_auth_mellonFixedRHSA-2019:076616.04.2019
Red Hat Enterprise Linux 8mod_auth_mellonFixedRHSA-2019:342105.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-601
https://bugzilla.redhat.com/show_bug.cgi?id=1691125mod_auth_mellon: open redirect in logout url when using URLs with backslashes

EPSS

Процентиль: 74%
0.00811
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-3877

CVSS3: 5.8
ubuntu
почти 7 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.

nvd логотип

CVE-2019-3877

CVSS3: 5.8
nvd
почти 7 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.

debian логотип

CVE-2019-3877

CVSS3: 5.8
debian
почти 7 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. An open r ...

github логотип

GHSA-qr9h-f4fq-2h85

CVSS3: 6.1
github
больше 3 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.

oracle-oval логотип

ELSA-2019-3421

oracle-oval
около 6 лет назад

ELSA-2019-3421: mod_auth_mellon security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 74%
0.00811
Низкий

6.1 Medium

CVSS3