TROYANOSYVIRUS
Back to CVEs

CVE-2019-3878

N/A

Description

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

CVE Details

CVSS v3.1 ScoreN/A
Published3/26/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0

Affected Products

canonical:ubuntu_linuxfedoraproject:fedoramod_auth_mellon_project:mod_auth_mellonredhat:enterprise_linuxredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_eusredhat:enterprise_linux_server_tusredhat:enterprise_linux_workstation

Weaknesses (CWE)

CWE-305CWE-287

References

https://access.redhat.com/errata/RHBA-2019:0959(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2019:0746(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2019:0766(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2019:0985(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878(secalert@redhat.com)
https://github.com/Uninett/mod_auth_mellon/pull/196(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/(secalert@redhat.com)
https://usn.ubuntu.com/3924-1/(secalert@redhat.com)
https://access.redhat.com/errata/RHBA-2019:0959(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0746(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0766(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0985(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Uninett/mod_auth_mellon/pull/196(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3924-1/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.