Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2022/11/01 6:11 p.m.32 views

phpCAS vulnerable to Service Hostname Discovery Exploitation

Impact The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm CAS server to authenticate to the service protected by phpCAS...

8CVSS7.7AI score0.01064EPSS
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/11/01 12:0 a.m.42 views

phpCAS vulnerable to Service Hostname Discovery Exploitation

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...

8CVSS1.1AI score0.01064EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2022/11/01 12:0 a.m.44 views

CVE-2022-39369 Service Hostname Discovery Exploitation in phpCAS

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...

8CVSS8.2AI score0.01064EPSS
Exploits0References5
Kitploit
Kitploit
added 2020/05/31 9:30 p.m.75 views

Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address

Bing-ip2hosts is a Bing.com web scraper to discover hostnames by IP address. Description Bing-ip2hosts is a Bing.com web scraper that discovers hostnames by IP address. Bing is the flagship Microsoft search engine formerly known as MSN Search and Live Search. It provides a feature unique to searc...

6.7AI score
Exploits0References6
OpenVAS
OpenVAS
added 2015/03/27 12:0 a.m.280 views

SSL/TLS: Hostname discovery from server certificate

It was possible to discover an additional hostname of this server from its certificate Common or Subject Alt Name. Copyright C 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

0.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2012/06/24 12:0 a.m.105 views

Apache Tomcat: Multiple vulnerabilities

Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, ...

7.5CVSS6.6AI score0.9444EPSS
Exploits33
Rows per page
Query Builder