Vulnerabilites related to apereo - phpCAS
cve-2010-3692
Vulnerability from cvelistv5
Published
2010-10-07 20:21
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"name": "DSA-2172",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jasig.org/browse/PHPCAS-80"
},
{
"name": "ADV-2011-0456",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"name": "FEDORA-2010-15943",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"name": "FEDORA-2010-15970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"name": "ADV-2010-2909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"name": "43585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43585"
},
{
"name": "42149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42149"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"name": "ADV-2010-2705",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2705"
},
{
"name": "43427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43427"
},
{
"name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"name": "FEDORA-2010-16912",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"name": "FEDORA-2010-16905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"name": "41878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41878"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"name": "42184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-03T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"name": "DSA-2172",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jasig.org/browse/PHPCAS-80"
},
{
"name": "ADV-2011-0456",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"name": "FEDORA-2010-15943",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"name": "FEDORA-2010-15970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"name": "ADV-2010-2909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"name": "43585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43585"
},
{
"name": "42149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42149"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"name": "ADV-2010-2705",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2705"
},
{
"name": "43427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43427"
},
{
"name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"name": "FEDORA-2010-16912",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"name": "FEDORA-2010-16905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"name": "41878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41878"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"name": "42184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42184"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3692",
"datePublished": "2010-10-07T20:21:00",
"dateReserved": "2010-10-01T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4172
Vulnerability from cvelistv5
Published
2020-01-24 18:29
Modified
2024-08-06 11:04
Severity ?
EPSS score ?
Summary
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1131350 | x_refsource_MISC | |
| https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718 | x_refsource_MISC | |
| https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d | x_refsource_MISC | |
| https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814 | x_refsource_MISC | |
| https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog | x_refsource_MISC | |
| https://github.com/Jasig/phpCAS/pull/125 | x_refsource_MISC | |
| https://issues.jasig.org/browse/CASC-228 | x_refsource_MISC | |
| https://www.debian.org/security/2014/dsa-3017.en.html | x_refsource_MISC | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95673 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:28.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Jasig/phpCAS/pull/125"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.jasig.org/browse/CASC-228"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.debian.org/security/2014/dsa-3017.en.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-24T18:29:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Jasig/phpCAS/pull/125"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.jasig.org/browse/CASC-228"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.debian.org/security/2014/dsa-3017.en.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350"
},
{
"name": "https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718"
},
{
"name": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d",
"refsource": "MISC",
"url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d"
},
{
"name": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814",
"refsource": "MISC",
"url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814"
},
{
"name": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog",
"refsource": "MISC",
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"name": "https://github.com/Jasig/phpCAS/pull/125",
"refsource": "MISC",
"url": "https://github.com/Jasig/phpCAS/pull/125"
},
{
"name": "https://issues.jasig.org/browse/CASC-228",
"refsource": "MISC",
"url": "https://issues.jasig.org/browse/CASC-228"
},
{
"name": "https://www.debian.org/security/2014/dsa-3017.en.html",
"refsource": "MISC",
"url": "https://www.debian.org/security/2014/dsa-3017.en.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4172",
"datePublished": "2020-01-24T18:29:32",
"dateReserved": "2014-06-17T00:00:00",
"dateUpdated": "2024-08-06T11:04:28.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1000071
Vulnerability from cvelistv5
Published
2017-07-13 20:00
Modified
2024-08-05 21:53
Severity ?
EPSS score ?
Summary
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99609 | vdb-entry, x_refsource_BID | |
| https://github.com/Jasig/phpCAS/issues/228 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"name": "99609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99609"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Jasig/phpCAS/issues/228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-05-06T00:00:00",
"datePublic": "2017-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"name": "99609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99609"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Jasig/phpCAS/issues/228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.321638",
"ID": "CVE-2017-1000071",
"REQUESTER": "huyngocbk@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"name": "99609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99609"
},
{
"name": "https://github.com/Jasig/phpCAS/issues/228",
"refsource": "CONFIRM",
"url": "https://github.com/Jasig/phpCAS/issues/228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000071",
"datePublished": "2017-07-13T20:00:00",
"dateReserved": "2017-07-10T00:00:00",
"dateUpdated": "2024-08-05T21:53:06.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-39369
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry in worst case this may be any other service URL (if the allowed URLs are configured to "^(https)://.*") or may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim's account on a vulnerable CASified service without victim's knowledge, when the victim visits attacker's website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is unfortunately no 100% safe default config to use in PHP. Starting this version, it is required to pass in an additional service base URL argument when constructing the client class. For more information, please refer to the upgrading doc. This vulnerability only impacts the CAS client that the phpCAS library protects against. The problematic service URL discovery behavior in phpCAS < 1.6.0 will only be disabled, and thus you are not impacted from it, if the phpCAS configuration has the following setup: 1. `phpCAS::setUrl()` is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. `phpCAS::setCallbackURL()` is called, only when the proxy mode is enabled. 3. If your PHP's HTTP header input `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` is sanitized before reaching PHP (by a reverse proxy, for example), you will not be impacted by this vulnerability either. If your CAS server service registry is configured to only allow known and trusted service URLs the severity of the vulnerability is reduced substantially in its severity since an attacker must be in control of another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:44.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64"
},
{
"name": "FEDORA-2022-37c2d26f59",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUA2JM6YT3ZXSZLBJVRA32AXYM3GJMO3/"
},
{
"name": "FEDORA-2022-d6c6782130",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ/"
},
{
"name": "FEDORA-2022-76b3530ac2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJZGTWJ5ZXUUT47EHARNOUUNTH6SYDSE/"
},
{
"name": "[debian-lts-announce] 20230708 [SECURITY] [DLA 3485-1] php-cas security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "phpCAS",
"vendor": "apereo",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry in worst case this may be any other service URL (if the allowed URLs are configured to \"^(https)://.*\") or may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim\u0027s account on a vulnerable CASified service without victim\u0027s knowledge, when the victim visits attacker\u0027s website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is unfortunately no 100% safe default config to use in PHP. Starting this version, it is required to pass in an additional service base URL argument when constructing the client class. For more information, please refer to the upgrading doc. This vulnerability only impacts the CAS client that the phpCAS library protects against. The problematic service URL discovery behavior in phpCAS \u003c 1.6.0 will only be disabled, and thus you are not impacted from it, if the phpCAS configuration has the following setup: 1. `phpCAS::setUrl()` is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. `phpCAS::setCallbackURL()` is called, only when the proxy mode is enabled. 3. If your PHP\u0027s HTTP header input `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` is sanitized before reaching PHP (by a reverse proxy, for example), you will not be impacted by this vulnerability either. If your CAS server service registry is configured to only allow known and trusted service URLs the severity of the vulnerability is reduced substantially in its severity since an attacker must be in control of another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-99",
"description": "CWE-99: Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-08T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64"
},
{
"name": "FEDORA-2022-37c2d26f59",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUA2JM6YT3ZXSZLBJVRA32AXYM3GJMO3/"
},
{
"name": "FEDORA-2022-d6c6782130",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ/"
},
{
"name": "FEDORA-2022-76b3530ac2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJZGTWJ5ZXUUT47EHARNOUUNTH6SYDSE/"
},
{
"name": "[debian-lts-announce] 20230708 [SECURITY] [DLA 3485-1] php-cas security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00007.html"
}
],
"source": {
"advisory": "GHSA-8q72-6qq8-xv64",
"discovery": "UNKNOWN"
},
"title": "Service Hostname Discovery Exploitation in phpCAS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39369",
"datePublished": "2022-11-01T00:00:00",
"dateReserved": "2022-09-02T00:00:00",
"dateUpdated": "2024-08-03T12:00:44.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1105
Vulnerability from cvelistv5
Published
2019-12-05 18:26
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2012-1105 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2012/03/05/7 | x_refsource_MISC | |
| https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog | x_refsource_CONFIRM | |
| https://www.securityfocus.com/bid/52280 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Jasig Project | php-pear-CAS |
Version: 1.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/52280"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "php-pear-CAS",
"vendor": "Jasig Project",
"versions": [
{
"status": "affected",
"version": "1.2.2"
}
]
}
],
"datePublic": "2012-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Debug log and proxy configuration session data stored in /tmp without proper protection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-05T18:26:36",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/52280"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1105",
"datePublished": "2019-12-05T18:26:36",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3691
Vulnerability from cvelistv5
Published
2010-10-07 20:21
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"name": "DSA-2172",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jasig.org/browse/PHPCAS-80"
},
{
"name": "ADV-2011-0456",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"name": "FEDORA-2010-15943",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"name": "FEDORA-2010-15970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"name": "ADV-2010-2909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"name": "43585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43585"
},
{
"name": "42149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42149"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"name": "ADV-2010-2705",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2705"
},
{
"name": "43427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43427"
},
{
"name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"name": "FEDORA-2010-16912",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"name": "FEDORA-2010-16905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"name": "41878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41878"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"name": "42184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-03T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"name": "DSA-2172",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jasig.org/browse/PHPCAS-80"
},
{
"name": "ADV-2011-0456",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"name": "FEDORA-2010-15943",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"name": "FEDORA-2010-15970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"name": "ADV-2010-2909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"name": "43585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43585"
},
{
"name": "42149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42149"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"name": "ADV-2010-2705",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2705"
},
{
"name": "43427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43427"
},
{
"name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"name": "FEDORA-2010-16912",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"name": "FEDORA-2010-16905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"name": "41878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41878"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"name": "42184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42184"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3691",
"datePublished": "2010-10-07T20:21:00",
"dateReserved": "2010-10-01T00:00:00",
"dateUpdated": "2024-08-07T03:18:53.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5583
Vulnerability from cvelistv5
Published
2014-06-06 14:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog | x_refsource_CONFIRM | |
| http://secunia.com/advisories/51818 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81208 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"name": "51818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51818"
},
{
"name": "phpcas-ssl-certificate-spoofing(81208)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"name": "51818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51818"
},
{
"name": "phpcas-ssl-certificate-spoofing(81208)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81208"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"name": "51818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51818"
},
{
"name": "phpcas-ssl-certificate-spoofing(81208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81208"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5583",
"datePublished": "2014-06-06T14:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1104
Vulnerability from cvelistv5
Published
2019-12-05 17:49
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2012-1104 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2012/03/05/7 | x_refsource_MISC | |
| https://www.securityfocus.com/bid/52279 | x_refsource_MISC | |
| https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jasig project | phpCAS |
Version: 1.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/52279"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "phpCAS",
"vendor": "jasig project",
"versions": [
{
"status": "affected",
"version": "1.2.2"
}
]
}
],
"datePublic": "2012-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper management of service proxying",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-05T17:52:29",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/52279"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1104",
"datePublished": "2019-12-05T17:49:19",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3690
Vulnerability from cvelistv5
Published
2010-10-07 20:21
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"name": "DSA-2172",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jasig.org/browse/PHPCAS-80"
},
{
"name": "ADV-2011-0456",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"name": "FEDORA-2010-15943",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"name": "FEDORA-2010-15970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"name": "ADV-2010-2909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"name": "43585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43585"
},
{
"name": "42149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42149"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"name": "ADV-2010-2705",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2705"
},
{
"name": "43427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43427"
},
{
"name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"name": "FEDORA-2010-16912",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"name": "FEDORA-2010-16905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"name": "41878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41878"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"name": "42184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-03T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"name": "DSA-2172",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jasig.org/browse/PHPCAS-80"
},
{
"name": "ADV-2011-0456",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"name": "FEDORA-2010-15943",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"name": "FEDORA-2010-15970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"name": "ADV-2010-2909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"name": "43585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43585"
},
{
"name": "42149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42149"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"name": "ADV-2010-2705",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2705"
},
{
"name": "43427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43427"
},
{
"name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"name": "FEDORA-2010-16912",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"name": "FEDORA-2010-16905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"name": "41878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41878"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"name": "42184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42184"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3690",
"datePublished": "2010-10-07T20:21:00",
"dateReserved": "2010-10-01T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-12-05 18:15
Modified
2024-11-21 01:36
Severity ?
Summary
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apereo | phpcas | 1.2.2 | |
| linux | linux_kernel | - | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4746D3-EF36-426D-9BAF-F3D801980A1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Omisi\u00f3n de Seguridad en la biblioteca phpCAS versi\u00f3n 1.2.2 del proyecto jasig debido a la manera en que el proxy de servicios es administrado."
}
],
"id": "CVE-2012-1104",
"lastModified": "2024-11-21T01:36:25.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-05T18:15:12.317",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1104"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/52279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/52279"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-05 19:15
Modified
2024-11-21 01:36
Severity ?
Summary
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apereo | phpcas | 1.2.2 | |
| fedoraproject | fedora | 15 | |
| fedoraproject | fedora | 16 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4746D3-EF36-426D-9BAF-F3D801980A1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*",
"matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n en el paquete Jasig Project php-pear-CAS versi\u00f3n 1.2.2 en el directorio /tmp. La biblioteca del cliente Central Authentication Service guarda el archivo de registro de depuraci\u00f3n de manera no segura."
}
],
"id": "CVE-2012-1105",
"lastModified": "2024-11-21T01:36:26.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-05T19:15:15.040",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1105"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/52280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/52280"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-07 21:00
Modified
2024-11-21 01:19
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apereo | phpcas | * | |
| apereo | phpcas | 0.2 | |
| apereo | phpcas | 0.3 | |
| apereo | phpcas | 0.3.1 | |
| apereo | phpcas | 0.3.2 | |
| apereo | phpcas | 0.4 | |
| apereo | phpcas | 0.4.1 | |
| apereo | phpcas | 0.4.8 | |
| apereo | phpcas | 0.4.9 | |
| apereo | phpcas | 0.4.10 | |
| apereo | phpcas | 0.4.11 | |
| apereo | phpcas | 0.4.12 | |
| apereo | phpcas | 0.4.13 | |
| apereo | phpcas | 0.4.14 | |
| apereo | phpcas | 0.4.15 | |
| apereo | phpcas | 0.4.16 | |
| apereo | phpcas | 0.4.17 | |
| apereo | phpcas | 0.4.18 | |
| apereo | phpcas | 0.4.19 | |
| apereo | phpcas | 0.4.20 | |
| apereo | phpcas | 0.4.21 | |
| apereo | phpcas | 0.4.22 | |
| apereo | phpcas | 0.4.23 | |
| apereo | phpcas | 0.5.0 | |
| apereo | phpcas | 0.5.1 | |
| apereo | phpcas | 0.6.0 | |
| apereo | phpcas | 1.0.0 | |
| apereo | phpcas | 1.0.1 | |
| apereo | phpcas | 1.1.0 | |
| apereo | phpcas | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F33D1EDE-F0EE-4192-ACAB-CD843C58550E",
"versionEndIncluding": "1.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84643F63-231F-4A5C-8D47-058AD8FABFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "23906CB9-E95F-4119-BAC7-E98167638812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4B02FB-D5D4-49AD-9FA4-DB9E98AAB4E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BD906C-3FE4-47CE-BF07-3C0E1B1EEFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2D822C2B-E663-45BE-8625-001515905ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50E67C0D-9812-41E3-B6C6-74D2B290EB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC47FC27-8A9C-47F6-B08D-D37F94AC87C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D651AC30-3409-4FC4-89A1-59C75913053E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "622CEFA1-A003-4D5D-964C-DE4082378540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8534CC-752C-413F-B446-2A52E3B063B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5C813FD1-BF71-4FF1-BBCC-CD4E519458A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CD842AB3-24DE-46D8-B84D-85381EFDBB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E51EB388-28EC-481F-8561-8B459BA6DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C5137240-59CD-46EC-AFFB-03B60C32EB22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0819E826-A3DD-4C3F-9DE3-874AF59EA998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5B6E4A-76BC-4407-A034-3D9A7C494226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7BE780-3755-417F-B789-2CF8E5FB47CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A2EFD3-C9D7-4852-A159-93265BFED6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C5C978-D2A7-4782-ACA1-40EF44D2F5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8183106C-7DFE-4523-96EF-451BBF765A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "022201CB-4E6C-47A4-A517-4E487E825263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "7B67C493-D7F4-47F2-B86A-1CB856E934DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBBD110-1B34-4FFB-BB80-F64A83099AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6C0FE4-B30E-488A-BD8E-0A32FC809F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93DD2F0E-F5C5-4F73-977E-9CE81ECD4DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94985532-DF29-40BE-B4D2-D1D4D89851FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02E429F9-A1E9-4FB9-AB3D-EE1481B1DADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77FD0961-AFC8-4A9E-9942-4C8C0BD50DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E197B2B-DFB2-49CF-B13F-7E311358A88B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en phpCAS anterior a v1.1.3, cuando el modo proxy est\u00e1 habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML (1) a trav\u00e9s del par\u00e1metro modificado Proxy Granting Ticket IOU (PGTiou) para la funci\u00f3n callback en client.php y vectores que implican funciones que realizan llamadas getCallbackURL, o (3) vectores que implican funciones que realizan llamadas getURL"
}
],
"id": "CVE-2010-3690",
"lastModified": "2024-11-21T01:19:24.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-10-07T21:00:01.923",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/41878"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42149"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42184"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43427"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/43585"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/2705"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"source": "secalert@redhat.com",
"url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"source": "secalert@redhat.com",
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.jasig.org/browse/PHPCAS-80"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/41878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.jasig.org/browse/PHPCAS-80"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-24 19:15
Modified
2024-11-21 02:09
Severity ?
Summary
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apereo | .net_cas_client | * | |
| apereo | java_cas_client | * | |
| apereo | phpcas | * | |
| debian | debian_linux | 7.0 | |
| fedoraproject | fedora | 20 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apereo:.net_cas_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D3881B-F7F5-4E0F-B76F-EFA42ECB0E75",
"versionEndExcluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:java_cas_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A6BA56C-70FF-46A7-8648-E412BEA54EB9",
"versionEndExcluding": "3.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "949AB748-0980-4F16-8031-42A413597117",
"versionEndExcluding": "1.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de inyecci\u00f3n de par\u00e1metros de URL en el paso de validaci\u00f3n de tickets del canal posterior del protocolo CAS en Jasig Java CAS Client versiones anteriores a 3.3.2, .NET CAS Client versiones anteriores a 1.0.2 y phpCAS versiones anteriores a 1.3.3, que permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del (1) par\u00e1metro service en el archivo validation/AbstractUrlBasedTicketValidator.java o del (2) par\u00e1metro pgtUrl en el archivo validation/Cas20ServiceTicketValidator.java."
}
],
"id": "CVE-2014-4172",
"lastModified": "2024-11-21T02:09:38.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-24T19:15:12.010",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Jasig/phpCAS/pull/125"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://issues.jasig.org/browse/CASC-228"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2014/dsa-3017.en.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Jasig/phpCAS/pull/125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://issues.jasig.org/browse/CASC-228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2014/dsa-3017.en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:04
Severity ?
Summary
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/99609 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog | Third Party Advisory | |
| cve@mitre.org | https://github.com/Jasig/phpCAS/issues/228 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99609 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Jasig/phpCAS/issues/228 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A64DC472-F459-43CB-8714-2279E2B1D3F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server."
},
{
"lang": "es",
"value": "Jasig phpCAS versi\u00f3n 1.3.4, es vulnerable a una omisi\u00f3n de autenticaci\u00f3n en la funci\u00f3n validateCAS20 cuando se configura para autenticarse en un antiguo servidor CAS."
}
],
"id": "CVE-2017-1000071",
"lastModified": "2024-11-21T03:04:05.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-17T13:18:18.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99609"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Jasig/phpCAS/issues/228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Jasig/phpCAS/issues/228"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-01 17:15
Modified
2024-11-21 07:18
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry in worst case this may be any other service URL (if the allowed URLs are configured to "^(https)://.*") or may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim's account on a vulnerable CASified service without victim's knowledge, when the victim visits attacker's website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is unfortunately no 100% safe default config to use in PHP. Starting this version, it is required to pass in an additional service base URL argument when constructing the client class. For more information, please refer to the upgrading doc. This vulnerability only impacts the CAS client that the phpCAS library protects against. The problematic service URL discovery behavior in phpCAS < 1.6.0 will only be disabled, and thus you are not impacted from it, if the phpCAS configuration has the following setup: 1. `phpCAS::setUrl()` is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. `phpCAS::setCallbackURL()` is called, only when the proxy mode is enabled. 3. If your PHP's HTTP header input `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` is sanitized before reaching PHP (by a reverse proxy, for example), you will not be impacted by this vulnerability either. If your CAS server service registry is configured to only allow known and trusted service URLs the severity of the vulnerability is reduced substantially in its severity since an attacker must be in control of another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apereo | phpcas | * | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCFFAD3-7480-4042-B960-36ECB28467FB",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry in worst case this may be any other service URL (if the allowed URLs are configured to \"^(https)://.*\") or may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim\u0027s account on a vulnerable CASified service without victim\u0027s knowledge, when the victim visits attacker\u0027s website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is unfortunately no 100% safe default config to use in PHP. Starting this version, it is required to pass in an additional service base URL argument when constructing the client class. For more information, please refer to the upgrading doc. This vulnerability only impacts the CAS client that the phpCAS library protects against. The problematic service URL discovery behavior in phpCAS \u003c 1.6.0 will only be disabled, and thus you are not impacted from it, if the phpCAS configuration has the following setup: 1. `phpCAS::setUrl()` is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. `phpCAS::setCallbackURL()` is called, only when the proxy mode is enabled. 3. If your PHP\u0027s HTTP header input `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` is sanitized before reaching PHP (by a reverse proxy, for example), you will not be impacted by this vulnerability either. If your CAS server service registry is configured to only allow known and trusted service URLs the severity of the vulnerability is reduced substantially in its severity since an attacker must be in control of another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior."
},
{
"lang": "es",
"value": "phpCAS es una librer\u00eda de autenticaci\u00f3n que permite que las aplicaciones PHP autentiquen f\u00e1cilmente a los usuarios a trav\u00e9s del servidor Central Authentication Service (CAS). La librer\u00eda phpCAS utiliza encabezados HTTP para determinar la URL del servicio utilizada para validar tickets. Esto permite a un atacante controlar el encabezado del host y utilizar un ticket v\u00e1lido otorgado para cualquier servicio autorizado en el mismo \u00e1mbito SSO (servidor CAS) para autenticarse en el servicio protegido por phpCAS. Dependiendo de la configuraci\u00f3n del registro de servicios del servidor CAS, en el peor de los casos, esta puede ser cualquier otra URL de servicio (si las URL permitidas est\u00e1n configuradas en \"^(https)://.*\") o puede estar estrictamente limitada a servicios conocidos y autorizados. en la misma federaci\u00f3n SSO si se aplica la validaci\u00f3n adecuada del servicio URL. Esta vulnerabilidad puede permitir que un atacante obtenga acceso a la cuenta de una v\u00edctima en un servicio CASified vulnerable sin el conocimiento de la v\u00edctima, cuando la v\u00edctima visita el sitio web del atacante mientras est\u00e1 conectado al mismo servidor CAS. phpCAS 1.6.0 es una actualizaci\u00f3n de versi\u00f3n importante que comienza a imponer la validaci\u00f3n de descubrimiento de URL del servicio, porque desafortunadamente no existe una configuraci\u00f3n predeterminada 100% segura para usar en PHP. A partir de esta versi\u00f3n, es necesario pasar un argumento de URL base de servicio adicional al construir la clase de cliente. Para obtener m\u00e1s informaci\u00f3n, consulte el documento de actualizaci\u00f3n. Esta vulnerabilidad solo afecta al cliente CAS contra el que protege la librer\u00eda phpCAS. El comportamiento problem\u00e1tico de descubrimiento de URL del servicio en phpCAS \u0026lt; 1.6.0 solo se deshabilitar\u00e1 y, por lo tanto, usted no se ver\u00e1 afectado si la configuraci\u00f3n de phpCAS tiene la siguiente configuraci\u00f3n: 1. Se llama a `phpCAS::setUrl()` (un recordatorio de que debe pasar la URL completa). de la p\u00e1gina actual, en lugar de la URL base de su servicio), y 2. Se llama a `phpCAS::setCallbackURL()`, solo cuando el modo proxy est\u00e1 habilitado. 3. Si la entrada del encabezado HTTP de PHP `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` se sanitiza antes de llegar a PHP (por un proxy inverso, por ejemplo), esta vulnerabilidad tampoco le afectar\u00e1. Si el registro de servicios de su servidor CAS est\u00e1 configurado para permitir solo URL de servicios conocidos y confiables, la gravedad de la vulnerabilidad se reduce sustancialmente ya que un atacante debe tener el control de otro servicio autorizado. De lo contrario, debe actualizar la librer\u00eda para obtener un comportamiento de descubrimiento de servicios seguro."
}
],
"id": "CVE-2022-39369",
"lastModified": "2024-11-21T07:18:09.047",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-01T17:15:10.267",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00007.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUA2JM6YT3ZXSZLBJVRA32AXYM3GJMO3/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJZGTWJ5ZXUUT47EHARNOUUNTH6SYDSE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUA2JM6YT3ZXSZLBJVRA32AXYM3GJMO3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJZGTWJ5ZXUUT47EHARNOUUNTH6SYDSE/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-99"
},
{
"lang": "en",
"value": "CWE-1287"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-07 21:00
Modified
2024-11-21 01:19
Severity ?
Summary
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apereo | phpcas | * | |
| apereo | phpcas | 0.2 | |
| apereo | phpcas | 0.3 | |
| apereo | phpcas | 0.3.1 | |
| apereo | phpcas | 0.3.2 | |
| apereo | phpcas | 0.4 | |
| apereo | phpcas | 0.4.1 | |
| apereo | phpcas | 0.4.8 | |
| apereo | phpcas | 0.4.9 | |
| apereo | phpcas | 0.4.10 | |
| apereo | phpcas | 0.4.11 | |
| apereo | phpcas | 0.4.12 | |
| apereo | phpcas | 0.4.13 | |
| apereo | phpcas | 0.4.14 | |
| apereo | phpcas | 0.4.15 | |
| apereo | phpcas | 0.4.16 | |
| apereo | phpcas | 0.4.17 | |
| apereo | phpcas | 0.4.18 | |
| apereo | phpcas | 0.4.19 | |
| apereo | phpcas | 0.4.20 | |
| apereo | phpcas | 0.4.21 | |
| apereo | phpcas | 0.4.22 | |
| apereo | phpcas | 0.4.23 | |
| apereo | phpcas | 0.5.0 | |
| apereo | phpcas | 0.5.1 | |
| apereo | phpcas | 0.6.0 | |
| apereo | phpcas | 1.0.0 | |
| apereo | phpcas | 1.0.1 | |
| apereo | phpcas | 1.1.0 | |
| apereo | phpcas | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F33D1EDE-F0EE-4192-ACAB-CD843C58550E",
"versionEndIncluding": "1.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84643F63-231F-4A5C-8D47-058AD8FABFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "23906CB9-E95F-4119-BAC7-E98167638812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4B02FB-D5D4-49AD-9FA4-DB9E98AAB4E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BD906C-3FE4-47CE-BF07-3C0E1B1EEFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2D822C2B-E663-45BE-8625-001515905ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50E67C0D-9812-41E3-B6C6-74D2B290EB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC47FC27-8A9C-47F6-B08D-D37F94AC87C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D651AC30-3409-4FC4-89A1-59C75913053E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "622CEFA1-A003-4D5D-964C-DE4082378540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8534CC-752C-413F-B446-2A52E3B063B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5C813FD1-BF71-4FF1-BBCC-CD4E519458A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CD842AB3-24DE-46D8-B84D-85381EFDBB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E51EB388-28EC-481F-8561-8B459BA6DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C5137240-59CD-46EC-AFFB-03B60C32EB22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0819E826-A3DD-4C3F-9DE3-874AF59EA998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5B6E4A-76BC-4407-A034-3D9A7C494226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7BE780-3755-417F-B789-2CF8E5FB47CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A2EFD3-C9D7-4852-A159-93265BFED6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C5C978-D2A7-4782-ACA1-40EF44D2F5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8183106C-7DFE-4523-96EF-451BBF765A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "022201CB-4E6C-47A4-A517-4E487E825263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "7B67C493-D7F4-47F2-B86A-1CB856E934DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBBD110-1B34-4FFB-BB80-F64A83099AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6C0FE4-B30E-488A-BD8E-0A32FC809F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93DD2F0E-F5C5-4F73-977E-9CE81ECD4DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94985532-DF29-40BE-B4D2-D1D4D89851FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02E429F9-A1E9-4FB9-AB3D-EE1481B1DADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77FD0961-AFC8-4A9E-9942-4C8C0BD50DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E197B2B-DFB2-49CF-B13F-7E311358A88B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file."
},
{
"lang": "es",
"value": "PGTStorage/pgt-file.php en phpCAS anterior a v1.1.3, cuando el modo proxy est\u00e1 habilitado, permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlace simb\u00f3lico sobre un fichero sin especificar."
}
],
"id": "CVE-2010-3691",
"lastModified": "2024-11-21T01:19:24.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-07T21:00:01.970",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/41878"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42149"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42184"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43427"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/43585"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/2705"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"source": "secalert@redhat.com",
"url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"source": "secalert@redhat.com",
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.jasig.org/browse/PHPCAS-80"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/41878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.jasig.org/browse/PHPCAS-80"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-07 21:00
Modified
2024-11-21 01:19
Severity ?
Summary
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apereo | phpcas | * | |
| apereo | phpcas | 0.2 | |
| apereo | phpcas | 0.3 | |
| apereo | phpcas | 0.3.1 | |
| apereo | phpcas | 0.3.2 | |
| apereo | phpcas | 0.4 | |
| apereo | phpcas | 0.4.1 | |
| apereo | phpcas | 0.4.8 | |
| apereo | phpcas | 0.4.9 | |
| apereo | phpcas | 0.4.10 | |
| apereo | phpcas | 0.4.11 | |
| apereo | phpcas | 0.4.12 | |
| apereo | phpcas | 0.4.13 | |
| apereo | phpcas | 0.4.14 | |
| apereo | phpcas | 0.4.15 | |
| apereo | phpcas | 0.4.16 | |
| apereo | phpcas | 0.4.17 | |
| apereo | phpcas | 0.4.18 | |
| apereo | phpcas | 0.4.19 | |
| apereo | phpcas | 0.4.20 | |
| apereo | phpcas | 0.4.21 | |
| apereo | phpcas | 0.4.22 | |
| apereo | phpcas | 0.4.23 | |
| apereo | phpcas | 0.5.0 | |
| apereo | phpcas | 0.5.1 | |
| apereo | phpcas | 0.6.0 | |
| apereo | phpcas | 1.0.0 | |
| apereo | phpcas | 1.0.1 | |
| apereo | phpcas | 1.1.0 | |
| apereo | phpcas | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F33D1EDE-F0EE-4192-ACAB-CD843C58550E",
"versionEndIncluding": "1.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84643F63-231F-4A5C-8D47-058AD8FABFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "23906CB9-E95F-4119-BAC7-E98167638812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4B02FB-D5D4-49AD-9FA4-DB9E98AAB4E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BD906C-3FE4-47CE-BF07-3C0E1B1EEFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2D822C2B-E663-45BE-8625-001515905ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50E67C0D-9812-41E3-B6C6-74D2B290EB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC47FC27-8A9C-47F6-B08D-D37F94AC87C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D651AC30-3409-4FC4-89A1-59C75913053E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "622CEFA1-A003-4D5D-964C-DE4082378540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8534CC-752C-413F-B446-2A52E3B063B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5C813FD1-BF71-4FF1-BBCC-CD4E519458A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CD842AB3-24DE-46D8-B84D-85381EFDBB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E51EB388-28EC-481F-8561-8B459BA6DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C5137240-59CD-46EC-AFFB-03B60C32EB22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0819E826-A3DD-4C3F-9DE3-874AF59EA998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5B6E4A-76BC-4407-A034-3D9A7C494226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7BE780-3755-417F-B789-2CF8E5FB47CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A2EFD3-C9D7-4852-A159-93265BFED6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C5C978-D2A7-4782-ACA1-40EF44D2F5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8183106C-7DFE-4523-96EF-451BBF765A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "022201CB-4E6C-47A4-A517-4E487E825263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "7B67C493-D7F4-47F2-B86A-1CB856E934DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBBD110-1B34-4FFB-BB80-F64A83099AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6C0FE4-B30E-488A-BD8E-0A32FC809F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93DD2F0E-F5C5-4F73-977E-9CE81ECD4DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94985532-DF29-40BE-B4D2-D1D4D89851FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02E429F9-A1E9-4FB9-AB3D-EE1481B1DADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77FD0961-AFC8-4A9E-9942-4C8C0BD50DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E197B2B-DFB2-49CF-B13F-7E311358A88B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la funci\u00f3n callback en client.php en phpCAS anterior a v1.1.3, cuando el modo proxy est\u00e1 habilitado, permite a atacantes crear o sobreescribir ficheros arbitrarios mediante secuencias de salto de directorio en el par\u00e1metro Proxy Granting Ticket IOU (PGTiou)."
}
],
"id": "CVE-2010-3692",
"lastModified": "2024-11-21T01:19:24.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-07T21:00:02.017",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/41878"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42149"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42184"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43427"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/43585"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/2705"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"source": "secalert@redhat.com",
"url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"source": "secalert@redhat.com",
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.jasig.org/browse/PHPCAS-80"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/41878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/09/29/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.jasig.org/browse/PHPCAS-80"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-06 14:55
Modified
2024-11-21 01:44
Severity ?
Summary
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE71C97-22B9-4455-B00F-043F45324E65",
"versionEndIncluding": "1.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1DEE0FEC-4A54-478D-957B-F314EAD75A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apereo:phpcas:1.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "34A7F533-0474-4F28-A5F5-7C065C1A54DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
},
{
"lang": "es",
"value": "phpCAS anterior a 1.3.2 no verifica que el nombre del servidor coincide con un nombre de dominio en el campo del asunto Common Name (CN) o subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a trav\u00e9s de un certificado v\u00e1lido arbitrario."
}
],
"id": "CVE-2012-5583",
"lastModified": "2024-11-21T01:44:55.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-06T14:55:03.777",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/51818"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81208"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/51818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}