Lucene search

[email protected]CVE-2015-1169

HistoryFeb 10, 2015 - 8:59 p.m.

CVE-2015-1169

2015-02-1020:59:01

CWE-74

[email protected]

web.nvd.nist.gov

apereo

cas

ldap injection

cve-2015-1169

security vulnerability

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.

Affected configurations

NVD

Node

apereocentral_authentication_serviceRange≤3.5.2

CPENameOperatorVersion
apereo:central_authentication_serviceapereo central authentication servicele3.5.2

CPE	Name	Operator	Version
apereo:central_authentication_service	apereo central authentication service	le	3.5.2

References

packetstormsecurity.com/files/130053/CAS-Server-3.5.2-LDAP-Authentication-Bypass.html

seclists.org/fulldisclosure/2015/Jan/87

github.com/Jasig/cas/commit/7de61b4c6244af9ff8e75a2c92a570f3b075309c

github.com/Jasig/cas/pull/411

issues.jasig.org/browse/CAS-1429

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for CVE-2015-1169

packetstorm1 zdt1 cvelist1 prion1 nvd1