13 matches found
CVE-2022-39369
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...
Fedora 37 : php-pear-CAS (2022-d6c6782130)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-d6c6782130 advisory. Changes in version 1.6.0 Bug Fixes: Introduce required servicename constructor argument to fix service hostname discovery exploitation vulnerability...
Ubuntu: Security Advisory (USN-6913-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-6914-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-6913-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3485-1] php-cas security update
Debian LTS Advisory DLA-3485-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost July 08, 2023 https://wiki.debian.org/LTS Package : php-cas Version : 1.3.6-1+deb10u1 CVE ID : CVE-2022-39369 Debian Bug : 1023571 A vulnerability has been found in phpCAS, a Central...
Debian dla-3485 : php-cas - security update
"The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3485 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3485-1 [email protected] https://www.debian.org/lts/security/...
Debian dla-3487 : fusiondirectory - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3487 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3487-1 [email protected]...
Fedora 35 : php-pear-CAS (2022-76b3530ac2)
The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-76b3530ac2 advisory. Changes in version 1.6.0 Bug Fixes: Introduce required servicename constructor argument to fix service hostname discovery exploitation vulnerability...
Fedora 36 : php-pear-CAS (2022-37c2d26f59)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-37c2d26f59 advisory. Changes in version 1.6.0 Bug Fixes: Introduce required servicename constructor argument to fix service hostname discovery exploitation vulnerability...
Fedora: Security Advisory for php-pear-CAS (FEDORA-2022-37c2d26f59)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2022-39369
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...
CVE-2022-39369
The CVE-2022-39369 issue concerns the phpCAS library, where the client determines the service URL from HTTP headers. An attacker controlling headers (e.g., Host, X-Forwarded-* or similar) can influence the service URL used to validate tickets, potentially enabling authentication to a victim’s CAS...