Vulnerabilities > Uninett > MOD Auth Mellon > 0.6.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-22 | CVE-2021-3639 | Open Redirect vulnerability in Uninett MOD Auth Mellon A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. | 6.1 |
2017-03-13 | CVE-2017-6807 | Cross-site Scripting vulnerability in Uninett MOD Auth Mellon mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. | 4.3 |
2016-04-15 | CVE-2016-2146 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data. | 5.0 |
2016-04-15 | CVE-2016-2145 | Improper Input Validation vulnerability in multiple products The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data. | 5.0 |
2014-11-15 | CVE-2014-8566 | Information Exposure vulnerability in multiple products The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory." | 6.4 |
2014-11-14 | CVE-2014-8567 | Resource Management Errors vulnerability in multiple products The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data. | 9.4 |