CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 3CVE-2015-1169 – CAS Server 3.5.2 LDAP Authentication Bypass
https://notcve.org/view.php?id=CVE-2015-1169
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication. Apereo Central Authentication Service (CAS) Server anterior a 3.5.3 permite a atacantes remotos realizar ataques de inyección LDAP a través de un nombre de usuario manipulado, tal y como fue demostrado mediante el uso de un comodín y una contraseña válida para evadir la autenticación LDAP. CAS Server version 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards. • http://packetstormsecurity.com/files/130053/CAS-Server-3.5.2-LDAP-Authentication-Bypass.html http://seclists.org/fulldisclosure/2015/Jan/87 https://github.com/Jasig/cas/commit/7de61b4c6244af9ff8e75a2c92a570f3b075309c https://github.com/Jasig/cas/pull/411 https://issues.jasig.org/browse/CAS-1429 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0CVE-2014-4172 – cas-client: Bypass of security constraints via URL parameter injection
https://notcve.org/view.php?id=CVE-2014-4172
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. Se detectó una vulnerabilidad de inyección de parámetros de URL en el paso de validación de tickets del canal posterior del protocolo CAS en Jasig Java CAS Client versiones anteriores a 3.3.2, .NET CAS Client versiones anteriores a 1.0.2 y phpCAS versiones anteriores a 1.3.3, que permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del (1) parámetro service en el archivo validation/AbstractUrlBasedTicketValidator.java o del (2) parámetro pgtUrl en el archivo validation/Cas20ServiceTicketValidator.java. • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718 https://bugzilla.redhat.com/show_bug.cgi?id=1131350 https://exchange.xforce.ibmcloud.com/vulnerabilities/95673 https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814 https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog https://github.com/Jasig/phpCAS&#x • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5583
https://notcve.org/view.php?id=CVE-2012-5583
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. phpCAS anterior a 1.3.2 no verifica que el nombre del servidor coincide con un nombre de dominio en el campo del asunto Common Name (CN) o subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido arbitrario. • http://secunia.com/advisories/51818 https://exchange.xforce.ibmcloud.com/vulnerabilities/81208 https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog • CWE-310: Cryptographic Issues •
CVSS: 3.3EPSS: 0%CPEs: 30EXPL: 0CVE-2010-3691
https://notcve.org/view.php?id=CVE-2010-3691
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file. PGTStorage/pgt-file.php en phpCAS anterior a v1.1.3, cuando el modo proxy está habilitado, permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlace simbólico sobre un fichero sin especificar. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html http://secunia.com/advisories/41878 http://secunia.com/advisories/42149 http://secunia.com/advisories/42184 http:/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.4EPSS: 1%CPEs: 30EXPL: 0CVE-2010-3692
https://notcve.org/view.php?id=CVE-2010-3692
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter. Vulnerabilidad de salto de directorio en la función callback en client.php en phpCAS anterior a v1.1.3, cuando el modo proxy está habilitado, permite a atacantes crear o sobreescribir ficheros arbitrarios mediante secuencias de salto de directorio en el parámetro Proxy Granting Ticket IOU (PGTiou). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html http://secunia.com/advisories/41878 http://secunia.com/advisories/42149 http://secunia.com/advisories/42184 http:/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •