CVE-2021-3639 – mod_auth_mellon: Open Redirect vulnerability in logout URLs
https://notcve.org/view.php?id=CVE-2021-3639
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity. Se ha encontrado un fallo en mod_auth_mellon que no sanea correctamente las URL de cierre de sesión. Este problema podría ser usado por un atacante para facilitar los ataques de phishing engañando a usuarios para que visiten la URL de una aplicación web confiable que redirige a un servidor externo y potencialmente malicioso. • https://access.redhat.com/security/cve/CVE-2021-3639 https://bugzilla.redhat.com/show_bug.cgi?id=1980648 https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2019-13038 – mod_auth_mellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft
https://notcve.org/view.php?id=CVE-2019-13038
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. mod_auth_mellon hasta versión 0.14.2, presenta un problema de Redireccionamiento Abierto por medio de la subcadena login?ReturnTo=, como es demostrado al omitir el // después de http: en la URL de destino. • https://github.com/Uninett/mod_auth_mellon/issues/35#issuecomment-503974885 https://lists.debian.org/debian-lts-announce/2023/03/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5E3JVHURJJNDP63CKVX5O5MJAGCQV4K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XU5GVFZW3C2M4ZBL4F7UP7N24FNUCX4E https://usn.ubuntu.com/4291-1 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE- • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2019-3877 – mod_auth_mellon: open redirect in logout url when using URLs with backslashes
https://notcve.org/view.php?id=CVE-2019-3877
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function. Se ha detectado una vulnerabilidad en mod_auth_mellon, en anteriores a la v0.14.2. Una redirección abierta en la URL de cierre de sesión permite que las peticiones con barras invertidas pasen asumiendo que es una URL relativa, mientras que los navegadores convierten silenciosamente los caracteres de barra invertida en barras, tratándolos como una URL absoluta. • https://access.redhat.com/errata/RHSA-2019:0766 https://access.redhat.com/errata/RHSA-2019:3421 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3877 https://github.com/Uninett/mod_auth_mellon/commit/62041428a32de402e0be6ba45fe12df6a83bedb8 https://github.com/Uninett/mod_auth_mellon/issues/35 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2019-3878 – mod_auth_mellon: authentication bypass in ECP flow
https://notcve.org/view.php?id=CVE-2019-3878
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication. Se ha detectado una vulnerabilidad en mod_auth_mellon, en versiones anteriores a la v0.14.2. Si Apache está configurado como proxy inverso y mod_auth_mellon está configurado para que solo deje acceder a los usuarios autenticados (con la directiva "require valid-user"), la adición de cabeceras HTTP especiales que se suelen emplear para iniciar el SAML ECP especial (no basado en el navegador) puede emplearse para omitir la autenticación. A vulnerability was found in mod_auth_mellon. • https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:0746 https://access.redhat.com/errata/RHSA-2019:0766 https://access.redhat.com/errata/RHSA-2019:0985 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878 https://github.com/Uninett/mod_auth_mellon/pull/196 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ https://lists.fedoraproject.org/archives/list/package-announce%40lists. • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVE-2017-6807
https://notcve.org/view.php?id=CVE-2017-6807
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. mod_auth_mellon en versiones anteriores a 0.13.1 es vulnerable a un ataque de Transferencia de Sesión en Sitios Cruzados, donde un usuario con acceso a un sitio web ejecutándose en un servidor puede copiar su cookie de sesión a un sitio web diferente en el mismo servidor para obtener acceso a dicho sitio. • http://www.securityfocus.com/bid/96843 https://github.com/UNINETT/mod_auth_mellon/releases/tag/v0.13.1 https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2017-03/msg00008.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •