DSA-4414-1 libapache2-mod-auth-mellon -- libapache2-mod-auth-mellon
ID: oval:org.secpod.oval:def:603832 | Date: (C)2019-06-19 (M)2023-12-20 |
Class: PATCH | Family: unix |
Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication.

CVE-2019-3877: It was possible to bypass the redirect URL checking on logout, so the module could be used as an open redirect facility.

CVE-2019-3878: When mod_auth_mellon is used in an Apache configuration which serves as a remote proxy with the http_proxy module, it was possible to bypass authentication by sending SAML ECP headers.

Product: libapache2-mod-auth-mellon |