Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-2334

Malware in sbrugna...

8.8CVSS8.8AI score0.02055EPSS
Exploits0References3
Veracode
Veracode
added 2018/07/23 8:32 a.m.13 views

XML External Entity (XXE)

Jasig CAS Client is vulnerable to XML External Entity XXE injection. The attacker can trigger the attack by sending malicious XML data because it does not prevent loading malicious XML data via java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server when Google Accounts Integration is on...

8.8CVSS8.7AI score0.02055EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/07/20 5:29 p.m.15 views

CVE-2014-2296

XML external entity XXE vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data...

8.8CVSS8.9AI score0.02055EPSS
Exploits0References2
Prion
Prion
added 2018/07/20 5:29 p.m.13 views

Xxe

XML external entity XXE vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data...

6.8CVSS7.5AI score0.02055EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/07/20 5:0 p.m.46 views

CVE-2014-2296

The CVE-2014-2296 issue affects Jasig CAS Server, specifically the SamlUtils.java XML processing path. Affected versions are CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled. The vulnerability is an XML External Entity (XXE) flaw that allows remote ...

8.8CVSS8.8AI score0.02055EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/07/20 5:0 p.m.17 views

CVE-2014-2296

XML external entity XXE vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data...

8.9AI score0.02055EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/10/19 12:0 a.m.82 views

Jasig Central Authentication Service (CAS) < 4.0.2 Multiple XSS Vulnerabilities

Jasig Central Authentication Service CAS is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

6.3AI score
Exploits0References3
Packet Storm
Packet Storm
added 2015/09/21 12:0 a.m.38 views

Jasig CAS 4.0.1 Cross Site Scripting

Jasig CAS server version 4.0.1 is prone to xss vulnerabilities Timeline: 20.02.2015 - Vendor notified 11.05.2015 - Patches released 21.09.2015 - Bugtraq disclosure Vulnerable version: 4.0.1 Fixed version: 4.0.2 Vulnerabilities details: 1 XSS in OpenID server Obtain method: Paste thi url...

7.4AI score
Exploits0
Fedora
Fedora
added 2014/08/30 3:58 a.m.25 views

[SECURITY] Fedora 20 Update: cas-client-3.3.3-1.fc20

Jasig CAS Client for Java is the integration point for applications that want to speak with a CAS server, either via the CAS 1.0 or CAS 2.0 protocol...

9.8CVSS3.4AI score0.06057EPSS
Exploits0
Rows per page
Query Builder