Lucene search
+L

13 matches found

redhatcve
redhatcve
added 2025/02/05 7:33 p.m.8 views

CVE-2022-39369

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...

8CVSS6.9AI score0.01064EPSS
Exploits0References1
nessus
nessus
added 2024/11/14 12:0 a.m.10 views

Fedora 37 : php-pear-CAS (2022-d6c6782130)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-d6c6782130 advisory. Changes in version 1.6.0 Bug Fixes: Introduce required servicename constructor argument to fix service hostname discovery exploitation vulnerability...

8CVSS7.5AI score0.01064EPSS
Exploits0References2
openvas
openvas
added 2024/08/01 12:0 a.m.11 views

Ubuntu: Security Advisory (USN-6913-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8CVSS7.1AI score0.01064EPSS
Exploits0References3
openvas
openvas
added 2024/07/26 12:0 a.m.19 views

Ubuntu: Security Advisory (USN-6914-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8CVSS7.5AI score0.01064EPSS
Exploits0References2
openvas
openvas
added 2024/07/26 12:0 a.m.21 views

Ubuntu: Security Advisory (USN-6913-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8CVSS7.5AI score0.01064EPSS
Exploits0References3
debian
debian
added 2023/07/08 2:3 p.m.37 views

[SECURITY] [DLA 3485-1] php-cas security update

Debian LTS Advisory DLA-3485-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost July 08, 2023 https://wiki.debian.org/LTS Package : php-cas Version : 1.3.6-1+deb10u1 CVE ID : CVE-2022-39369 Debian Bug : 1023571 A vulnerability has been found in phpCAS, a Central...

8CVSS6.5AI score0.01064EPSS
Exploits0
nessus
nessus
added 2023/07/08 12:0 a.m.24 views

Debian dla-3485 : php-cas - security update

"The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3485 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3485-1 [email protected] https://www.debian.org/lts/security/...

8CVSS7.4AI score0.01064EPSS
Exploits0References4
nessus
nessus
added 2023/07/08 12:0 a.m.25 views

Debian dla-3487 : fusiondirectory - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3487 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3487-1 [email protected]...

9.8CVSS7.4AI score0.01064EPSS
Exploits2References8
nessus
nessus
added 2022/12/23 12:0 a.m.33 views

Fedora 35 : php-pear-CAS (2022-76b3530ac2)

The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-76b3530ac2 advisory. Changes in version 1.6.0 Bug Fixes: Introduce required servicename constructor argument to fix service hostname discovery exploitation vulnerability...

8CVSS7.5AI score0.01064EPSS
Exploits0References2
nessus
nessus
added 2022/12/22 12:0 a.m.28 views

Fedora 36 : php-pear-CAS (2022-37c2d26f59)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-37c2d26f59 advisory. Changes in version 1.6.0 Bug Fixes: Introduce required servicename constructor argument to fix service hostname discovery exploitation vulnerability...

8CVSS7.5AI score0.01064EPSS
Exploits0References2
openvas
openvas
added 2022/11/11 12:0 a.m.18 views

Fedora: Security Advisory for php-pear-CAS (FEDORA-2022-37c2d26f59)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8CVSS7.9AI score0.01064EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2022/11/01 5:15 p.m.43 views

CVE-2022-39369

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...

8CVSS6.6AI score0.01064EPSS
Exploits0References5
cve
cve
added 2022/11/01 12:0 a.m.112 views

CVE-2022-39369

The CVE-2022-39369 issue concerns the phpCAS library, where the client determines the service URL from HTTP headers. An attacker controlling headers (e.g., Host, X-Forwarded-* or similar) can influence the service URL used to validate tickets, potentially enabling authentication to a victim’s CAS...

8CVSS8AI score0.01064EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder