Executive Summary

Informations
NameCVE-2019-3878First vendor Publication2019-03-26
VendorCveLast vendor Modification2019-05-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3878

CWE : Common Weakness Enumeration

%idName
100 %CWE-287Improper Authentication

CPE : Common Platform Enumeration

TypeDescriptionCount
Os2
Os2
Os1
Os1
Os1
Os1
Os1
Os1
Os1

Sources (Detail)

SourceUrl
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878
https://github.com/Uninett/mod_auth_mellon/pull/196
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
REDHAT https://access.redhat.com/errata/RHBA-2019:0959
https://access.redhat.com/errata/RHSA-2019:0746
https://access.redhat.com/errata/RHSA-2019:0766
https://access.redhat.com/errata/RHSA-2019:0985
UBUNTU https://usn.ubuntu.com/3924-1/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
DateInformations
2019-05-07 13:19:24
  • Multiple Updates
2019-04-17 21:19:23
  • Multiple Updates
2019-04-17 00:19:12
  • Multiple Updates
2019-04-11 21:19:31
  • Multiple Updates
2019-04-10 12:08:37
  • Multiple Updates
2019-04-03 21:19:41
  • Multiple Updates
2019-04-02 09:18:54
  • Multiple Updates
2019-03-29 00:19:18
  • Multiple Updates
2019-03-28 00:19:06
  • Multiple Updates
2019-03-27 00:19:11
  • First insertion