Lucene search

Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability

🗓️ 17 May 2022 19:18:57Reported by GitHub Advisory DatabaseType

Jasig Java CAS Client, .NET CAS Client, and phpCAS URL parameter injection vulnerabilit

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 23
Veracode	Cross-site Scripting (XSS)	28 Jan 202005:19	–	veracode
UbuntuCve	CVE-2014-4172	24 Jan 202000:00	–	ubuntucve
Tenable Nessus	Debian DSA-3017-1 : php-cas - security update	4 Sep 201400:00	–	nessus
Tenable Nessus	Fedora 20 : cas-client-3.3.3-1.fc20 (2014-9662)	30 Aug 201400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2014-4172	4 Mar 202500:00	–	nessus
Tenable Nessus	RHEL 7 : jasperreports-server-pro (Unpatched Vulnerability)	3 Jun 202400:00	–	nessus
Debian	[SECURITY] [DSA 3017-1] php-cas security update	2 Sep 201416:40	–	debian
OpenVAS	Fedora Update for cas-client FEDORA-2014-9662	31 Aug 201400:00	–	openvas
OpenVAS	Debian Security Advisory DSA 3017-1 (php-cas - security update)	2 Sep 201400:00	–	openvas
OpenVAS	Debian: Security Advisory (DSA-3017-1)	1 Sep 201400:00	–	openvas

Vulners

Node

jasig phpcasRange<1.3.3

org.jasig.cas cas-clientRange<3.3.2

dotnetcasclientRange<1.0.2

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-4172
github	www.github.com/Jasig/phpCAS/pull/125
github	www.github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d
github	www.github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814
bugs	www.bugs.debian.org/cgi-bin/bugreport.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/95673
github	www.github.com/Jasig/phpCAS/blob/master/docs/ChangeLog
issues	www.issues.jasig.org/browse/CASC-228
debian	www.debian.org/security/2014/dsa-3017.en.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 May 2022 19:57Current

9High risk

Vulners AI Score9

CVSS27.5

CVSS39.8

EPSS0.06742

CWE-74