RSS   Podatności dla 'Mod auth mellon'   RSS

2017-03-13
 
CVE-2017-6807

 

 
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.

 
2016-04-15
 
CVE-2016-2146

 

 
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.

 
 
CVE-2016-2145

 

 
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.

 
2014-11-15
 
CVE-2014-8566

 

 
The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."

 
2014-11-14
 
CVE-2014-8567

CWE-399
 

 
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.

 

 >>> Vendor: Uninett 2 Produkty
Radsecproxy
Mod auth mellon


Copyright 2024, cxsecurity.com

 

Back to Top