The am_read_post_data function in mod_auth_mellon prior to 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote malicious users to cause a denial of service (segmentation fault and process crash) via a crafted POST data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fedoraproject fedora 23 |
||
uninett mod auth mellon |