All the vulnerabilites related to apereo - phpCAS
cve-2010-3691
Vulnerability from cvelistv5
Published
2010-10-07 20:21
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:53.089Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82" }, { "name": "DSA-2172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.jasig.org/browse/PHPCAS-80" }, { "name": "ADV-2011-0456", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0456" }, { "name": "FEDORA-2010-15943", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html" }, { "name": "FEDORA-2010-15970", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html" }, { "name": "ADV-2010-2909", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2909" }, { "name": "43585", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/43585" }, { "name": "42149", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42149" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601" }, { "name": "ADV-2010-2705", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2705" }, { "name": "43427", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43427" }, { "name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/29/6" }, { "name": "FEDORA-2010-16912", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538" }, { "name": "FEDORA-2010-16905", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html" }, { "name": "41878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41878" }, { "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/01/5" }, { "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/01/2" }, { "name": "42184", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42184" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-29T00:00:00", "descriptions": [ { "lang": "en", "value": "PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-11-03T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82" }, { "name": "DSA-2172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.jasig.org/browse/PHPCAS-80" }, { "name": "ADV-2011-0456", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0456" }, { "name": "FEDORA-2010-15943", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html" }, { "name": "FEDORA-2010-15970", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html" }, { "name": "ADV-2010-2909", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2909" }, { "name": "43585", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/43585" }, { "name": "42149", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42149" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601" }, { "name": "ADV-2010-2705", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2705" }, { "name": "43427", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43427" }, { "name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/29/6" }, { "name": "FEDORA-2010-16912", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538" }, { "name": "FEDORA-2010-16905", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html" }, { "name": "41878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41878" }, { "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/01/5" }, { "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/01/2" }, { "name": "42184", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42184" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-3691", "datePublished": "2010-10-07T20:21:00", "dateReserved": "2010-10-01T00:00:00", "dateUpdated": "2024-08-07T03:18:53.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-4172
Vulnerability from cvelistv5
Published
2020-01-24 18:29
Modified
2024-08-06 11:04
Severity ?
EPSS score ?
Summary
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1131350 | x_refsource_MISC | |
https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html | x_refsource_MISC | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718 | x_refsource_MISC | |
https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d | x_refsource_MISC | |
https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814 | x_refsource_MISC | |
https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog | x_refsource_MISC | |
https://github.com/Jasig/phpCAS/pull/125 | x_refsource_MISC | |
https://issues.jasig.org/browse/CASC-228 | x_refsource_MISC | |
https://www.debian.org/security/2014/dsa-3017.en.html | x_refsource_MISC | |
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/95673 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:04:28.882Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Jasig/phpCAS/pull/125" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://issues.jasig.org/browse/CASC-228" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.debian.org/security/2014/dsa-3017.en.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T18:29:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Jasig/phpCAS/pull/125" }, { "tags": [ "x_refsource_MISC" ], "url": "https://issues.jasig.org/browse/CASC-228" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.debian.org/security/2014/dsa-3017.en.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4172", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350" }, { "name": "https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html", "refsource": "MISC", "url": "https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718" }, { "name": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d", "refsource": "MISC", "url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d" }, { "name": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814", "refsource": "MISC", "url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814" }, { "name": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog", "refsource": "MISC", "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog" }, { "name": "https://github.com/Jasig/phpCAS/pull/125", "refsource": "MISC", "url": "https://github.com/Jasig/phpCAS/pull/125" }, { "name": "https://issues.jasig.org/browse/CASC-228", "refsource": "MISC", "url": "https://issues.jasig.org/browse/CASC-228" }, { "name": "https://www.debian.org/security/2014/dsa-3017.en.html", "refsource": "MISC", "url": "https://www.debian.org/security/2014/dsa-3017.en.html" }, { "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html", "refsource": "MISC", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4172", "datePublished": "2020-01-24T18:29:32", "dateReserved": "2014-06-17T00:00:00", "dateUpdated": "2024-08-06T11:04:28.882Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-1104
Vulnerability from cvelistv5
Published
2019-12-05 17:49
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.
References
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2012-1104 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2012/03/05/7 | x_refsource_MISC | |
https://www.securityfocus.com/bid/52279 | x_refsource_MISC | |
https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog | x_refsource_CONFIRM |
Impacted products
▼ | Vendor | Product |
---|---|---|
jasig project | phpCAS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:45:27.367Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1104" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/05/7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.securityfocus.com/bid/52279" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpCAS", "vendor": "jasig project", "versions": [ { "status": "affected", "version": "1.2.2" } ] } ], "datePublic": "2012-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper management of service proxying", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-05T17:52:29", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1104" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/05/7" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.securityfocus.com/bid/52279" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1104", "datePublished": "2019-12-05T17:49:19", "dateReserved": "2012-02-14T00:00:00", "dateUpdated": "2024-08-06T18:45:27.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3690
Vulnerability from cvelistv5
Published
2010-10-07 20:21
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:52.782Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82" }, { "name": "DSA-2172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.jasig.org/browse/PHPCAS-80" }, { "name": "ADV-2011-0456", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0456" }, { "name": "FEDORA-2010-15943", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html" }, { "name": "FEDORA-2010-15970", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html" }, { "name": "ADV-2010-2909", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2909" }, { "name": "43585", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/43585" }, { "name": "42149", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42149" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601" }, { "name": "ADV-2010-2705", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2705" }, { "name": "43427", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43427" }, { "name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/29/6" }, { "name": "FEDORA-2010-16912", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538" }, { "name": "FEDORA-2010-16905", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html" }, { "name": "41878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41878" }, { "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/01/5" }, { "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/01/2" }, { "name": "42184", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42184" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-11-03T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82" }, { "name": "DSA-2172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.jasig.org/browse/PHPCAS-80" }, { "name": "ADV-2011-0456", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0456" }, { "name": "FEDORA-2010-15943", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html" }, { "name": "FEDORA-2010-15970", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html" }, { "name": "ADV-2010-2909", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2909" }, { "name": "43585", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/43585" }, { "name": "42149", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42149" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601" }, { "name": "ADV-2010-2705", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2705" }, { "name": "43427", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43427" }, { "name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/29/6" }, { "name": "FEDORA-2010-16912", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538" }, { "name": "FEDORA-2010-16905", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html" }, { "name": "41878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41878" }, { "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/01/5" }, { "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/01/2" }, { "name": "42184", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42184" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-3690", "datePublished": "2010-10-07T20:21:00", "dateReserved": "2010-10-01T00:00:00", "dateUpdated": "2024-08-07T03:18:52.782Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3692
Vulnerability from cvelistv5
Published
2010-10-07 20:21
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:18:52.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82" }, { "name": "DSA-2172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.jasig.org/browse/PHPCAS-80" }, { "name": "ADV-2011-0456", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0456" }, { "name": "FEDORA-2010-15943", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html" }, { "name": "FEDORA-2010-15970", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html" }, { "name": "ADV-2010-2909", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2909" }, { "name": "43585", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/43585" }, { "name": "42149", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42149" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601" }, { "name": "ADV-2010-2705", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2705" }, { "name": "43427", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43427" }, { "name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/29/6" }, { "name": "FEDORA-2010-16912", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538" }, { "name": "FEDORA-2010-16905", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html" }, { "name": "41878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41878" }, { "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/01/5" }, { "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/01/2" }, { "name": "42184", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42184" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-11-03T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82" }, { "name": "DSA-2172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.jasig.org/browse/PHPCAS-80" }, { "name": "ADV-2011-0456", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0456" }, { "name": "FEDORA-2010-15943", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html" }, { "name": "FEDORA-2010-15970", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html" }, { "name": "ADV-2010-2909", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2909" }, { "name": "43585", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/43585" }, { "name": "42149", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42149" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601" }, { "name": "ADV-2010-2705", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2705" }, { "name": "43427", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43427" }, { "name": "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/29/6" }, { "name": "FEDORA-2010-16912", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538" }, { "name": "FEDORA-2010-16905", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html" }, { "name": "41878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41878" }, { "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/01/5" }, { "name": "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/01/2" }, { "name": "42184", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42184" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-3692", "datePublished": "2010-10-07T20:21:00", "dateReserved": "2010-10-01T00:00:00", "dateUpdated": "2024-08-07T03:18:52.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5583
Vulnerability from cvelistv5
Published
2014-06-06 14:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
▼ | URL | Tags |
---|---|---|
https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog | x_refsource_CONFIRM | |
http://secunia.com/advisories/51818 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/81208 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:16.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog" }, { "name": "51818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51818" }, { "name": "phpcas-ssl-certificate-spoofing(81208)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81208" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-11T00:00:00", "descriptions": [ { "lang": "en", "value": "phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog" }, { "name": "51818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51818" }, { "name": "phpcas-ssl-certificate-spoofing(81208)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81208" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5583", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog", "refsource": "CONFIRM", "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog" }, { "name": "51818", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51818" }, { "name": "phpcas-ssl-certificate-spoofing(81208)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81208" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5583", "datePublished": "2014-06-06T14:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:14:16.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39369
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
Service Hostname Discovery Exploitation in phpCAS
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:44.178Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64" }, { "name": "FEDORA-2022-37c2d26f59", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUA2JM6YT3ZXSZLBJVRA32AXYM3GJMO3/" }, { "name": "FEDORA-2022-d6c6782130", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ/" }, { "name": "FEDORA-2022-76b3530ac2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJZGTWJ5ZXUUT47EHARNOUUNTH6SYDSE/" }, { "name": "[debian-lts-announce] 20230708 [SECURITY] [DLA 3485-1] php-cas security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "phpCAS", "vendor": "apereo", "versions": [ { "status": "affected", "version": "\u003c 1.6.0" } ] } ], "descriptions": [ { "lang": "en", "value": "phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry in worst case this may be any other service URL (if the allowed URLs are configured to \"^(https)://.*\") or may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim\u0027s account on a vulnerable CASified service without victim\u0027s knowledge, when the victim visits attacker\u0027s website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is unfortunately no 100% safe default config to use in PHP. Starting this version, it is required to pass in an additional service base URL argument when constructing the client class. For more information, please refer to the upgrading doc. This vulnerability only impacts the CAS client that the phpCAS library protects against. The problematic service URL discovery behavior in phpCAS \u003c 1.6.0 will only be disabled, and thus you are not impacted from it, if the phpCAS configuration has the following setup: 1. `phpCAS::setUrl()` is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. `phpCAS::setCallbackURL()` is called, only when the proxy mode is enabled. 3. If your PHP\u0027s HTTP header input `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` is sanitized before reaching PHP (by a reverse proxy, for example), you will not be impacted by this vulnerability either. If your CAS server service registry is configured to only allow known and trusted service URLs the severity of the vulnerability is reduced substantially in its severity since an attacker must be in control of another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-99", "description": "CWE-99: Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-1287", "description": "CWE-1287: Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-08T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64" }, { "name": "FEDORA-2022-37c2d26f59", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUA2JM6YT3ZXSZLBJVRA32AXYM3GJMO3/" }, { "name": "FEDORA-2022-d6c6782130", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ/" }, { "name": "FEDORA-2022-76b3530ac2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJZGTWJ5ZXUUT47EHARNOUUNTH6SYDSE/" }, { "name": "[debian-lts-announce] 20230708 [SECURITY] [DLA 3485-1] php-cas security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00007.html" } ], "source": { "advisory": "GHSA-8q72-6qq8-xv64", "discovery": "UNKNOWN" }, "title": "Service Hostname Discovery Exploitation in phpCAS" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39369", "datePublished": "2022-11-01T00:00:00", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:00:44.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-1105
Vulnerability from cvelistv5
Published
2019-12-05 18:26
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
References
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2012-1105 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2012/03/05/7 | x_refsource_MISC | |
https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog | x_refsource_CONFIRM | |
https://www.securityfocus.com/bid/52280 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Jasig Project | php-pear-CAS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:45:27.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1105" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/05/7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.securityfocus.com/bid/52280" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "php-pear-CAS", "vendor": "Jasig Project", "versions": [ { "status": "affected", "version": "1.2.2" } ] } ], "datePublic": "2012-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner." } ], "problemTypes": [ { "descriptions": [ { "description": "Debug log and proxy configuration session data stored in /tmp without proper protection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-05T18:26:36", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1105" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/05/7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.securityfocus.com/bid/52280" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1105", "datePublished": "2019-12-05T18:26:36", "dateReserved": "2012-02-14T00:00:00", "dateUpdated": "2024-08-06T18:45:27.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1000071
Vulnerability from cvelistv5
Published
2017-07-13 20:00
Modified
2024-08-05 21:53
Severity ?
EPSS score ?
Summary
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
References
▼ | URL | Tags |
---|---|---|
https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99609 | vdb-entry, x_refsource_BID | |
https://github.com/Jasig/phpCAS/issues/228 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:53:06.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog" }, { "name": "99609", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99609" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Jasig/phpCAS/issues/228" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2017-05-06T00:00:00", "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-18T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog" }, { "name": "99609", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99609" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Jasig/phpCAS/issues/228" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-05-06T20:43:28.321638", "ID": "CVE-2017-1000071", "REQUESTER": "huyngocbk@gmail.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog", "refsource": "CONFIRM", "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog" }, { "name": "99609", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99609" }, { "name": "https://github.com/Jasig/phpCAS/issues/228", "refsource": "CONFIRM", "url": "https://github.com/Jasig/phpCAS/issues/228" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000071", "datePublished": "2017-07-13T20:00:00", "dateReserved": "2017-07-10T00:00:00", "dateUpdated": "2024-08-05T21:53:06.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }