Mod Auth Mellon Project - Mod Auth Mellon CVE

Filtered by vendor Mod Auth Mellon Project Subscribe

Filtered by product Mod Auth Mellon

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-3878	4 Canonical, Fedoraproject, Mod Auth Mellon Project and 1 more	10 Ubuntu Linux, Fedora, Mod Auth Mellon and 7 more	2019-05-07	6.8 MEDIUM	8.1 HIGH
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

Vulnerabilities (CVE)