4 matches found
EUVD-2014-2334
Malware in sbrugna...
XML External Entity (XXE)
Jasig CAS Client is vulnerable to XML External Entity XXE injection. The attacker can trigger the attack by sending malicious XML data because it does not prevent loading malicious XML data via java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server when Google Accounts Integration is on...
CVE-2014-2296
XML external entity XXE vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data...
CVE-2014-2296
The CVE-2014-2296 issue affects Jasig CAS Server, specifically the SamlUtils.java XML processing path. Affected versions are CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled. The vulnerability is an XML External Entity (XXE) flaw that allows remote ...