Uninett » Mod Auth Mellon : Security Vulnerabilities, CVEs,
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
Max CVSS
9.4
EPSS Score
1.71%
Published
2014-11-14
Updated
2019-07-09
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.
Max CVSS
7.5
EPSS Score
0.80%
Published
2016-04-15
Updated
2016-04-25
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.
Max CVSS
7.5
EPSS Score
0.71%
Published
2016-04-15
Updated
2016-04-25
The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."
Max CVSS
6.4
EPSS Score
2.67%
Published
2014-11-15
Updated
2019-12-27
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-03-13
Updated
2017-03-15
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.
Max CVSS
6.1
EPSS Score
0.07%
Published
2022-08-22
Updated
2023-02-12
6 vulnerabilities found