CVE-2014-4172
cas-client: Bypass of security constraints via URL parameter injection
- Severity Score: -
- Exploit Likelihood: -
- Affected Versions: -
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Description
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2014-06-17 CVE Reserved
- 2014-09-02 CVE Published
- 2024-05-19 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
References (12)
URL | Tag | Source
---|---|---
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html | Third Party Advisory |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718 | Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/95673 | Third Party Advisory |
https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog | Release Notes |
https://github.com/Jasig/phpCAS/pull/125 | Third Party Advisory |
https://issues.jasig.org/browse/CASC-228 | Third Party Advisory |
https://www.debian.org/security/2014/dsa-3017.en.html | Third Party Advisory |
https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html | X_refsource_misc |

URL | Date | SRC
---|---|---
https://bugzilla.redhat.com/show_bug.cgi?id=1131350 | 2015-05-14 |
https://access.redhat.com/security/cve/CVE-2014-4172 | 2015-05-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Apereo | .NET CAS Client | < 1.0.2 | - | Affected
Apereo | Java CAS Client | < 3.3.2 | - | Affected
Apereo | phpCAS | < 1.3.3 | - | Affected
Debian | Debian Linux | 7.0 | - | Affected
Fedoraproject | Fedora | 20 | - | Affected