Vulnerability identifier: #VU18091

Vulnerability risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3878

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
mod_auth_mellon
Server applications / Other server solutions

Vendor: UNINETT

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when processing certain headers. A remote attacker can add special HTTP headers that are normally used to start the special SAML ECP, bypass authentication process and gain unauthorized access to the application.

Successful exploitation of the vulnerability requires that Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

mod_auth_mellon: 0.4.0 - 0.14.1

---

External links
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878
http://github.com/Uninett/mod_auth_mellon/pull/196

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.