CVE-2019-13038

Published: 29/06/2019 Updated: 28/11/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

mod_auth_mellon up to and including 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

Vulnerable Product

mod auth mellon project mod auth mellon

Vendor Advisories

Synopsis: Moderate: mod_auth_mellon security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring ...
Synopsis: Moderate: mod_auth_mellon security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring ...
Debian Bug report logs - #931265 libapache2-mod-auth-mellon: CVE-2019-13038. Package: src:libapache2-mod-auth-mellon; Maintainer for src:libapache2-mod-auth-mellon is Thijs Kinkhorst <thijs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Sat, 29 Jun 2019 20:27:02 UTC. Severity: important. Tags: ...
libapache2-mod-auth-mellon could be made to redirect users to malicious sites ...
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL (CVE-2019-13038) ...
Impact: Moderate Public Date: 2019-06-20 CWE: CWE-601 Bugzilla: 1725740: CVE-2019-13038 mod_auth_mellon ...
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL (CVE-2019-13038) ...