CVE-2019-3878

CVSS v3 Score: 8.1 (High)
CVSS v2 Score: 6.8 (Medium)

Vulnerability Description

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the `require valid-user` directive), a request that adds the special HTTP headers normally used to start SAML ECP (non-browser based) can bypass authentication.

CVSS:8.1(High)

In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulne...

CVSS:8.2(High)

Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.

CVSS:7.8(High)

When the device is in factory state, the shell can be accessed without the adb authentication process. The LG ID is LVE-SMP-210010.

CVSS:7.7(High)

Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0.

CVSS:7.6(High)

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate software updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart...

CVSS:8.6(High)

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.