CVE-2019-3878: Uninett mod_auth_mellon ECP Authentication Bypass Vulnerability (26th Mar 2019)

Preface: The statistic by Netcraft in January 2019, Apache server coverage market reach 30.88%.

Technical background: Apache server not only contain web server service, it can config as a reserve proxy server to enhance the web infrastructure isolation level. Single sign-on authentication method growth significant in past few years. A popular web architecture model, setup Apache become reserve proxy service and thus integrate to single sign on (SAML) function.

Vulnerability detail: If Apache is configured as a reverse proxy with mod_auth_mellon for authentication, the authentication can be bypassed by adding SAML 2.0 ECP headers to the request.

Official announcement and security fixes: