CVE-2021-3639 – mod_auth_mellon: Open Redirect vulnerability in logout URLs
https://notcve.org/view.php?id=CVE-2021-3639
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity. Se ha encontrado un fallo en mod_auth_mellon que no sanea correctamente las URL de cierre de sesión. Este problema podría ser usado por un atacante para facilitar los ataques de phishing engañando a usuarios para que visiten la URL de una aplicación web confiable que redirige a un servidor externo y potencialmente malicioso. • https://access.redhat.com/security/cve/CVE-2021-3639 https://bugzilla.redhat.com/show_bug.cgi?id=1980648 https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2021-32642 – Missing input validation in dynamic discovery example scripts.
https://notcve.org/view.php?id=CVE-2021-32642
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. • https://github.com/radsecproxy/radsecproxy/security/advisories/GHSA-56gw-9rj9-55rc https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOC5AFG65NYLMMUTNSBOPC5F4LBAC7BR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7QK5M2SZVMCAFSRQMM6PRZZRQQ372XI https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2017-6807
https://notcve.org/view.php?id=CVE-2017-6807
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. mod_auth_mellon en versiones anteriores a 0.13.1 es vulnerable a un ataque de Transferencia de Sesión en Sitios Cruzados, donde un usuario con acceso a un sitio web ejecutándose en un servidor puede copiar su cookie de sesión a un sitio web diferente en el mismo servidor para obtener acceso a dicho sitio. • http://www.securityfocus.com/bid/96843 https://github.com/UNINETT/mod_auth_mellon/releases/tag/v0.13.1 https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2017-03/msg00008.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-2145
https://notcve.org/view.php?id=CVE-2016-2145
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data. La función am_read_post_data en mod_auth_mellon en versiones anteriores a 0.11.1 no comprueba si la función ap_get_client_block devuelve un error, lo que permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación y caída de proceso) a través de unos datos POST manipulados. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html https://github.com/UNINETT/mod_auth_mellon/pull/71 https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html • CWE-20: Improper Input Validation •
CVE-2016-2146
https://notcve.org/view.php?id=CVE-2016-2146
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data. La función am_read_post_data en mod_auth_mellon en versiones anteriores a 0.11.1 no limita la cantidad de lectura de datos, lo que permite a atacantes remotos provocar una denegación de servicio (caída del proceso trabajador, interbloqueo de servidor de red o consumo de memoria) a través de una gran cantidad de daots POST. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html https://github.com/UNINETT/mod_auth_mellon/pull/71 https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •