Lucene search

[email protected]CVE-2010-2795

HistoryAug 05, 2010 - 6:17 p.m.

CVE-2010-2795

2010-08-0518:17:57

CWE-20

[email protected]

web.nvd.nist.gov

phpcas

session hijacking

cve-2010-2795

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.3%

JSON

phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value.

Affected configurations

NVD

Node

joachim_fritschiphpcasRange≤1.1.1

joachim_fritschiphpcasMatch0.2

joachim_fritschiphpcasMatch0.3

joachim_fritschiphpcasMatch0.3.1

joachim_fritschiphpcasMatch0.3.2

joachim_fritschiphpcasMatch0.4

joachim_fritschiphpcasMatch0.4.1

joachim_fritschiphpcasMatch0.4.2

joachim_fritschiphpcasMatch0.4.3

joachim_fritschiphpcasMatch0.4.4

joachim_fritschiphpcasMatch0.4.5

joachim_fritschiphpcasMatch0.4.6

joachim_fritschiphpcasMatch0.4.7

joachim_fritschiphpcasMatch0.4.8

joachim_fritschiphpcasMatch0.4.9

joachim_fritschiphpcasMatch0.4.10

joachim_fritschiphpcasMatch0.4.11

joachim_fritschiphpcasMatch0.4.12

joachim_fritschiphpcasMatch0.4.13

joachim_fritschiphpcasMatch0.4.14

joachim_fritschiphpcasMatch0.4.15

joachim_fritschiphpcasMatch0.4.16

joachim_fritschiphpcasMatch0.4.17

joachim_fritschiphpcasMatch0.4.18

joachim_fritschiphpcasMatch0.4.19

joachim_fritschiphpcasMatch0.4.20

joachim_fritschiphpcasMatch0.4.21

joachim_fritschiphpcasMatch0.4.22

joachim_fritschiphpcasMatch0.4.23

joachim_fritschiphpcasMatch0.5.0

joachim_fritschiphpcasMatch0.5.1

joachim_fritschiphpcasMatch0.6.0

joachim_fritschiphpcasMatch1.0.0

joachim_fritschiphpcasMatch1.0.1

joachim_fritschiphpcasMatch1.1.0

CPENameOperatorVersion
joachim_fritschi:phpcasjoachim fritschi phpcasle1.1.1
joachim_fritschi:phpcasjoachim fritschi phpcaseq0.2
joachim_fritschi:phpcasjoachim fritschi phpcaseq0.3
joachim_fritschi:phpcasjoachim fritschi phpcaseq0.3.1
joachim_fritschi:phpcasjoachim fritschi phpcaseq0.3.2
joachim_fritschi:phpcasjoachim fritschi phpcaseq0.4
joachim_fritschi:phpcasjoachim fritschi phpcaseq0.4.1
joachim_fritschi:phpcasjoachim fritschi phpcaseq0.4.2
joachim_fritschi:phpcasjoachim fritschi phpcaseq0.4.3
joachim_fritschi:phpcasjoachim fritschi phpcaseq0.4.4

CPE	Name	Operator	Version
joachim_fritschi:phpcas	joachim fritschi phpcas	le	1.1.1
joachim_fritschi:phpcas	joachim fritschi phpcas	eq	0.2
joachim_fritschi:phpcas	joachim fritschi phpcas	eq	0.3
joachim_fritschi:phpcas	joachim fritschi phpcas	eq	0.3.1
joachim_fritschi:phpcas	joachim fritschi phpcas	eq	0.3.2
joachim_fritschi:phpcas	joachim fritschi phpcas	eq	0.4
joachim_fritschi:phpcas	joachim fritschi phpcas	eq	0.4.1
joachim_fritschi:phpcas	joachim fritschi phpcas	eq	0.4.2
joachim_fritschi:phpcas	joachim fritschi phpcas	eq	0.4.3
joachim_fritschi:phpcas	joachim fritschi phpcas	eq	0.4.4

Rows per page:

1-10 of 351

References

lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html

lists.fedoraproject.org/pipermail/package-announce/2010-August/046584.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html

secunia.com/advisories/40845

secunia.com/advisories/41240

secunia.com/advisories/42149

secunia.com/advisories/42184

secunia.com/advisories/43427

www.debian.org/security/2011/dsa-2172

www.securityfocus.com/bid/42162

www.vupen.com/english/advisories/2010/2234

www.vupen.com/english/advisories/2010/2261

www.vupen.com/english/advisories/2010/2909

www.vupen.com/english/advisories/2011/0456

exchange.xforce.ibmcloud.com/vulnerabilities/60894

forge.indepnet.net/projects/glpi/repository/revisions/12601

issues.jasig.org/browse/PHPCAS-61

wiki.jasig.org/display/CASC/phpCAS+ChangeLog

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.3%

JSON

Related for CVE-2010-2795

cvelist1 nvd1 prion1 openvas20 fedora8 nessus9 debian1