USN-4597-1

Advisory lineage Upstream: 6 Downstream: 0
Published: 22 Oct 2020, 12:47
Last modified:04 Feb 2026, 03:13

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

22 Oct 2020, 12:47
Published
Vulnerability first disclosed
04 Feb 2026, 03:13
Last Modified
Vulnerability information updated

Description

libapache2-mod-auth-mellon vulnerabilities François Kooman discovered that mod_auth_mellon incorrectly handled cookies. An attacker could possibly use this issue to cause a Cross-Site Session Transfer attack. (CVE-2017-6807) It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. (CVE-2019-3877) It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2019-3878)

Affected Systems

  • ubuntulibapache2-mod-auth-mellon

    < 0.12.0-2+deb9u1build0.16.04.1

References (4)