A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2019-03-26T17:44:29
Updated: 2024-08-04T19:19:18.665Z
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3878
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-03-26T18:29:00.983
Modified: 2024-11-21T04:42:46.800
Link: CVE-2019-3878
Redhat