CVE-2019-13038

Published: 29/06/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

mod_auth_mellon up to and including 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

Vulnerable Product

mod auth mellon project mod auth mellon

oracle zfs storage appliance kit 8.8

fedoraproject fedora 30

fedoraproject fedora 31

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

Vendor Advisories

Debian Bug report logs - #931265 libapache2-mod-auth-mellon: CVE-2019-13038 Package: src:libapache2-mod-auth-mellon; Maintainer for src:libapache2-mod-auth-mellon is Thijs Kinkhorst <thijs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 29 Jun 2019 20:27:02 UTC Severity: important Tags: ...
libapache2-mod-auth-mellon could be made to redirect users to malicious sites ...
Synopsis Moderate: mod_auth_mellon security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring ...
Synopsis Moderate: mod_auth_mellon security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring ...
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL (CVE-2019-13038) ...
Impact: Moderate Public Date: 2019-06-20 CWE: CWE-601 Bugzilla: 1725740: CVE-2019-13038 mod_auth_mellon ...