Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1
CVE-2019-13038
- EPSS 0.12%
- Published 29.06.2019 14:15:09
- Last modified 21.11.2024 04:24:05
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
6.1
CVE-2019-3877
- EPSS 0.83%
- Published 27.03.2019 13:29:01
- Last modified 21.11.2024 04:42:46
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forw...
8.1
CVE-2019-3878
- EPSS 3.21%
- Published 26.03.2019 18:29:00
- Last modified 21.11.2024 04:42:46
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers tha...
1