401 matches found
CVE-2017-15700
The provided connected documents identify CVE-2017-15700 as a flaw in Apache Sling Authentication Service (version 1.4.0) related to the AuthUtil#isRedirectValid method. The root cause is flawed redirect validation, which can be exploited via the Sling login form to trick a victim into sending cr...
The vulnerability of the implementation of the direct authentication service for microprogramming software in Cisco Adaptive Security Appliance (ASA) allows an attacker to cause a service failure.
The vulnerability of the direct authentication service for microprogramming software in Cisco Adaptive Security Appliance (ASA) devices is related to insufficient checking of HTTP request headers. Exploiting this vulnerability can allow a malicious actor to trigger a system reboot and a service...
Pivotal Cloud Foundry cf-release and UAA denial of service vulnerabilities
Pivotal Cloud Foundry (CF) is a suite of open source Platform-as-a-Service (PaaS) cloud computing platforms from Pivotal Software in the United States, which provides features such as container scheduling, continuous delivery, and automated service deployment. cf-release is a release of PCF. UAA is a...
Pivotal Cloud Foundry Multiple Product Design Vulnerabilities
Pivotal Cloud Foundry (PCF) Runtime cf-release and others are products of Pivotal Software, Inc. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release of PCF. UAA i...
Pivotal Cloud Foundry Runtime cf-release, UAA and Pivotal Cloud Foundry Elastic Runtime Cross-Site Request Forgery Vulnerabilities
Pivotal Cloud Foundry (PCF) Runtime cf-release and others are products of Pivotal Software, Inc. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release of PCF. UAA i...
Pivotal Cloud Foundry Multiple Product Design Vulnerabilities (CNVD-2017-35830)
Pivotal Cloud Foundry (PCF) Runtime cf-release and others are products of Pivotal Software, Inc. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release of PCF. UAA i...
Denial Of Service (DoS)
Symfony is vulnerable to denial of service (DoS) attacks. The library does not limit the length of usernames stored in a session. A malicious user can pass multiple long, non-existent usernames to the system to cause it to run out of storage. This can lead to the authentication service being...
Multiple Pivotal Software Products Accept Expired Certificates Vulnerability
Pivotal Cloud Foundry (PCF), UAA, and UAA-Release are products of Pivotal Software, Inc. of the U.S. PCF is a suite of open-source Platform-as-a-Service (PaaS) cloud computing platforms that provide features such as container scheduling, continuous delivery, and automated service deployment; UAA is a...
Jasig phpCAS Authentication Bypass Vulnerability
Jasig phpCAS is a British company Jasig ITS Centralized Authentication Service (Central Authentication Service) PHP client development kit. An authentication bypass vulnerability exists in the 'validateCAS20' function in Jasig phpCAS version 1.3.4. An attacker can exploit this vulnerability to...
Pivotal Cloud Foundry and UAA Privileged Access Vulnerabilities
Pivotal Cloud Foundry (PCF) is a product of Pivotal Software, Inc. in the United States. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment, among other features. cf-release is a release...
Cannot Start App - Federation Authentication Service
The application launch fails with an error "Cannot Start App" once FAS is enabled on the StoreFront. On the StoreFront you will see Event ID 28 and on FAS server you will see Event ID 123...
MUNGE: Privilege escalation
Background: An authentication service for creating and validating credentials. Description: It was discovered that Gentoo’s default MUNGE installation suffered from a privilege escalation vulnerability (munge user to root) due to improper permissions and a runscript which called chown on a user...
Open Redirect Vulnerability in Multiple Pivotal Products at Login
Pivotal Cloud Foundry (PCF) Runtime cf-release and others are products of Pivotal Software, Inc. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release version of PC...
[SECURITY] Fedora 25 Update: php-pear-CAS-1.3.5-1.fc25
This package is a PEAR library for using a Central Authentication Service. Autoloader '%pearphpdir/CAS/Autoload.php';...
[SECURITY] Fedora 26 Update: php-pear-CAS-1.3.5-1.fc26
This package is a PEAR library for using a Central Authentication Service. Autoloader '%pearphpdir/CAS/Autoload.php';...
Pivotal Cloud Foundry and UAA SQL Injection Vulnerabilities
Pivotal Cloud Foundry (PCF) and UAA are both products of US-based Pivotal Software. The former is a set of open source Platform-as-a-Service (PaaS) cloud computing platforms that provide features such as container scheduling, continuous delivery and automated service deployment, while the latter is a...
MS15-007: Vulnerability in Network Policy Server RADIUS implementation could cause denial of service: January 13, 2015
Summary: This security update resolves a privately reported vulnerability in Windows. The vulnerability could allow denial of service on Internet Authentication Service (IAS) or...
Apereo Webproxy Portlet Information Disclosure Vulnerability
Apereo Central Authentication Service (CAS) Server is a Jasig project under the Apereo Foundation that provides a trusted way for authenticated users to access applications. An information disclosure vulnerability exists in Apereo Webproxy Portlet versions prior to 2.2.2. An attacker could exploit...
Cisco IOS and IOS XE Software Denial of Service Vulnerability (CNVD-2016-08394)
Cisco IOS and IOS XE Software are both operating systems developed by Cisco for its network devices. Authentication, Authorization and Accounting (AAA) is one of these modules that is used to process requests for computer resources and users and provide authentication, authorization, and authorizati...
Drupal CAS Module Information Disclosure Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. CAS is one of the modules of the Java-based single sign-on solution. An information disclosure vulnerability exists in the Drupal CAS module in versions 7.x-1.5 prior to 7.x-1.x, which...