Uninett Mod Auth Mellon — known CVE vulnerabilities
Every CVE whose affected-product data names Uninett Mod Auth Mellon, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2014-8567 — CVSS 9.4 (critical): The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted…
CVE-2016-2145 — CVSS 7.5 (high): The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which…
CVE-2016-2146 — CVSS 7.5 (high): The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to…
CVE-2014-8566 — CVSS 6.4 (medium): The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation…
CVE-2017-6807 — CVSS 6.1 (medium): mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a…
CVE-2021-3639 — CVSS 6.1 (medium): A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate…