CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server...

8.1CVSS7.7AI score0.00249EPSS

Exploits0References2

OpenVAS•added 2022/09/19 12:0 a.m.•11 views

Apereo Central Authentication Service (CAS) Detection Consolidation

Consolidation of Apereo formerly Jasig Central Authentication Service CAS detections. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.3AI score

Exploits0References1

Github Security Blog•added 2022/05/17 7:57 p.m.•21 views

Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...

9.8CVSS9AI score0.12676EPSS

Exploits0References14Affected Software3

OSV•added 2022/05/17 7:57 p.m.•28 views

GHSA-9FC5-Q25C-R2WR Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability

9.8CVSS9AI score0.12676EPSS

Exploits0References13

NVD•added 2020/01/24 7:15 p.m.•12 views

CVE-2014-4172

9.8CVSS9.1AI score0.12676EPSS

Exploits0References11

OSV•added 2020/01/24 7:15 p.m.•6 views

CVE-2014-4172

9.8CVSS9.1AI score

Exploits0References14

UbuntuCve•added 2020/01/24 7:15 p.m.•33 views

CVE-2014-4172

9.8CVSS7.2AI score0.12676EPSS

Exploits0References2

Cvelist•added 2020/01/24 6:29 p.m.•17 views

CVE-2014-4172

9.1AI score0.12676EPSS

Exploits0References11

CVE•added 2020/01/24 6:29 p.m.•120 views

CVE-2014-4172

The CVE-2014-4172 issue affects Jasig Java CAS Client (<3.3.2), .NET CAS Client (<1.0.2), and phpCAS (

9.8CVSS8.9AI score0.12676EPSS

Exploits0References11Affected Software3

NVD•added 2019/12/05 7:15 p.m.•16 views

CVE-2012-1105

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner...

5.5CVSS5.3AI score0.00152EPSS

Exploits0References5

OSV•added 2019/12/05 7:15 p.m.•0 views

UBUNTU-CVE-2012-1105

5.5CVSS5.8AI score0.00152EPSS

Exploits0References3

Prion•added 2019/12/05 7:15 p.m.•14 views

Information disclosure

2.1CVSS6.7AI score0.00152EPSS

Exploits0References5Affected Software3

UbuntuCve•added 2019/12/05 7:15 p.m.•23 views

CVE-2012-1105

5.5CVSS6.1AI score0.00152EPSS

Exploits0References2

CVE•added 2019/12/05 6:26 p.m.•68 views

CVE-2012-1105

CVE-2012-1105: A information-disclosure vulnerability exists in the Jasig php-pear-CAS 1.2.2 package where the Central Authentication Service client library archives the debug logging file insecurely in /tmp, exposing partial confidentiality. Affected component: phpCAS library; root cause: insecu...

5.5CVSS5AI score0.00152EPSS

Exploits0References5Affected Software1

Cvelist•added 2019/12/05 6:26 p.m.•19 views

CVE-2012-1105

5.2AI score0.00152EPSS

Exploits0References5

NVD•added 2019/12/05 6:15 p.m.•14 views

CVE-2012-1104

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed...

5.3CVSS5.2AI score0.00244EPSS

Exploits0References5

Rows per page