9 matches found
EUVD-2014-2334
Malware in sbrugna...
XML External Entity (XXE)
Jasig CAS Client is vulnerable to XML External Entity XXE injection. The attacker can trigger the attack by sending malicious XML data because it does not prevent loading malicious XML data via java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server when Google Accounts Integration is on...
CVE-2014-2296
XML external entity XXE vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data...
Xxe
XML external entity XXE vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data...
CVE-2014-2296
The CVE-2014-2296 issue affects Jasig CAS Server, specifically the SamlUtils.java XML processing path. Affected versions are CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled. The vulnerability is an XML External Entity (XXE) flaw that allows remote ...
CVE-2014-2296
XML external entity XXE vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data...
Jasig Central Authentication Service (CAS) < 4.0.2 Multiple XSS Vulnerabilities
Jasig Central Authentication Service CAS is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Jasig CAS 4.0.1 Cross Site Scripting
Jasig CAS server version 4.0.1 is prone to xss vulnerabilities Timeline: 20.02.2015 - Vendor notified 11.05.2015 - Patches released 21.09.2015 - Bugtraq disclosure Vulnerable version: 4.0.1 Fixed version: 4.0.2 Vulnerabilities details: 1 XSS in OpenID server Obtain method: Paste thi url...
[SECURITY] Fedora 20 Update: cas-client-3.3.3-1.fc20
Jasig CAS Client for Java is the integration point for applications that want to speak with a CAS server, either via the CAS 1.0 or CAS 2.0 protocol...