CVE-2019-13038

Published: Jun 29, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2019-e8d74ece30

vendor-advisory

FEDORA-2019-1444823e77

vendor-advisory

USN-4291-1

vendor-advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

https://github.com/Uninett/mod_auth_mellon/issues/35#issuecomment-503974885

[debian-lts-announce] 20230312 [SECURITY] [DLA 3359-1] libapache2-mod-auth-mellon security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-13038

Description

Affected Products

References