Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-3878

Опубликовано: 26 мар. 2019
Источник: ubuntu
Приоритет: medium
CVSS2: 6.8
CVSS3: 8.1

Описание

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

РелизСтатусПримечание
bionic

released

0.13.1-1ubuntu0.1
cosmic

released

0.14.0-1ubuntu0.1
devel

released

0.14.2-1ubuntu1
disco

released

0.14.2-1ubuntu1
eoan

released

0.14.2-1ubuntu1
esm-apps/xenial

released

0.12.0-2+deb9u1build0.16.04.1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was needs-triage]
esm-infra/bionic

released

0.13.1-1ubuntu0.1
esm-infra/focal

released

0.14.2-1ubuntu1
focal

released

0.14.2-1ubuntu1

Показывать по

Ссылки на источники

6.8 Medium

CVSS2

8.1 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-3878

CVSS3: 8.1
redhat
больше 7 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

nvd логотип

CVE-2019-3878

CVSS3: 8.1
nvd
почти 7 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

debian логотип

CVE-2019-3878

CVSS3: 8.1
debian
почти 7 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache ...

github логотип

GHSA-6gx9-985p-w8c8

CVSS3: 8.1
github
больше 3 лет назад

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

oracle-oval логотип

ELSA-2019-0985

oracle-oval
больше 6 лет назад

ELSA-2019-0985: mod_auth_mellon security update (IMPORTANT)

6.8 Medium

CVSS2

8.1 High

CVSS3