AI Score: 6.6 Medium (Confidence: Low)
CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82
lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html
lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html
secunia.com/advisories/41878
secunia.com/advisories/42149
secunia.com/advisories/42184
secunia.com/advisories/43427
www.debian.org/security/2011/dsa-2172
www.openwall.com/lists/oss-security/2010/09/29/6
www.openwall.com/lists/oss-security/2010/10/01/2
www.openwall.com/lists/oss-security/2010/10/01/5
www.securityfocus.com/bid/43585
www.vupen.com/english/advisories/2010/2705
www.vupen.com/english/advisories/2010/2909
www.vupen.com/english/advisories/2011/0456
developer.jasig.org/source/changelog/jasigsvn?cs=21538
forge.indepnet.net/projects/glpi/repository/revisions/12601
issues.jasig.org/browse/PHPCAS-80