Debian Local Security Checks : Debian Security Advisory DSA 4414-1 (libapache2-mod-auth-mellon

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.704414

Kategorie: Debian Local Security Checks

Titel: Debian Security Advisory DSA 4414-1 (libapache2-mod-auth-mellon - security update)

Zusammenfassung: The remote host is missing an update for the 'libapache2-mod-auth-mellon'; package(s) announced via the DSA-4414-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libapache2-mod-auth-mellon'
package(s) announced via the DSA-4414-1 advisory.

Vulnerability Insight:
Several issues have been discovered in Apache module auth_mellon, which
provides SAML 2.0 authentication.

CVE-2019-3877
It was possible to bypass the redirect URL checking on logout, so
the module could be used as an open redirect facility.

CVE-2019-3878
When mod_auth_mellon is used in an Apache configuration which
serves as a remote proxy with the http_proxy module, it was
possible to bypass authentication by sending SAML ECP headers.

Affected Software/OS:
'libapache2-mod-auth-mellon' package(s) on Debian Linux.

Solution:
For the stable distribution (stretch), these problems have been fixed in
version 0.12.0-2+deb9u1.

We recommend that you upgrade your libapache2-mod-auth-mellon packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-3877
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/
RedHat Security Advisories: RHSA-2019:0766
https://access.redhat.com/errata/RHSA-2019:0766
RedHat Security Advisories: RHSA-2019:3421
https://access.redhat.com/errata/RHSA-2019:3421
https://usn.ubuntu.com/3924-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-3878
RedHat Security Advisories: RHBA-2019:0959
https://access.redhat.com/errata/RHBA-2019:0959
RedHat Security Advisories: RHSA-2019:0746
https://access.redhat.com/errata/RHSA-2019:0746
RedHat Security Advisories: RHSA-2019:0985
https://access.redhat.com/errata/RHSA-2019:0985

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.704414
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 4414-1 (libapache2-mod-auth-mellon - security update)
Zusammenfassung:	The remote host is missing an update for the 'libapache2-mod-auth-mellon'; package(s) announced via the DSA-4414-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libapache2-mod-auth-mellon' package(s) announced via the DSA-4414-1 advisory. Vulnerability Insight: Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication. CVE-2019-3877 It was possible to bypass the redirect URL checking on logout, so the module could be used as an open redirect facility. CVE-2019-3878 When mod_auth_mellon is used in an Apache configuration which serves as a remote proxy with the http_proxy module, it was possible to bypass authentication by sending SAML ECP headers. Affected Software/OS: 'libapache2-mod-auth-mellon' package(s) on Debian Linux. Solution: For the stable distribution (stretch), these problems have been fixed in version 0.12.0-2+deb9u1. We recommend that you upgrade your libapache2-mod-auth-mellon packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-3877 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/ RedHat Security Advisories: RHSA-2019:0766 https://access.redhat.com/errata/RHSA-2019:0766 RedHat Security Advisories: RHSA-2019:3421 https://access.redhat.com/errata/RHSA-2019:3421 https://usn.ubuntu.com/3924-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-3878 RedHat Security Advisories: RHBA-2019:0959 https://access.redhat.com/errata/RHBA-2019:0959 RedHat Security Advisories: RHSA-2019:0746 https://access.redhat.com/errata/RHSA-2019:0746 RedHat Security Advisories: RHSA-2019:0985 https://access.redhat.com/errata/RHSA-2019:0985
Copyright	Copyright (C) 2019 Greenbone Networks GmbH