114 matches found
Ubuntu: Security Advisory (USN-6914-1)
The remote host is missing an update for the...
USN-6914-1 ocsinventory-server vulnerability
Filip Hejsek discovered that the phpCAS library included in OCS Inventory was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account...
USN-6914-1: OCS Inventory vulnerability
Filip Hejsek discovered that the phpCAS library included in OCS Inventory was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account...
USN-6913-1: phpCAS vulnerability
Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. Afte...
USN-6913-1 php-cas vulnerability
Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. Afte...
Ubuntu 20.04 LTS / 22.04 LTS : phpCAS vulnerability (USN-6913-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6913-1 advisory. Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use...
Debian dla-3486 : ocsinventory-reports - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3486 advisory. Debian LTS Advisory DLA-3486-1 https://www.debian.org/lts/security/...
[SECURITY] [DLA 3485-1] php-cas security update
Debian LTS Advisory DLA-3485-1. https://www.debian.org/lts/security/ Tobias Frost, July 08, 2023. https://wiki.debian.org/LTS Package: php-cas; Version: 1.3.6-1+deb10u1; CVE ID: CVE-2022-39369; Debian Bug: 1023571. A vulnerability has been found in phpCAS, a Central...
Debian dla-3487 : fusiondirectory - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3487 advisory. Debian LTS Advisory DLA-3487-1...
Privilege Escalation
apereo/phpcas is vulnerable to privilege escalation. The vulnerability exists because HTTP headers are not properly sanitized and the CAS server service registry does not properly validate authorized services in SSO federation, which allows an attacker to gain access to a user account on a vulnerabl...
GHSA-8Q72-6QQ8-XV64 phpCAS vulnerable to Service Hostname Discovery Exploitation
Impact: The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS...
phpCAS vulnerable to Service Hostname Discovery Exploitation
Impact: The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS...
CVE-2022-39369
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...
UBUNTU-CVE-2022-39369
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...
Design/Logic Flaw
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...
CVE-2022-39369
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...
CVE-2022-39369
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...
CVE-2022-39369 Service Hostname Discovery Exploitation in phpCAS
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...
CVE-2022-39369
The CVE-2022-39369 issue concerns the phpCAS library, where the client determines the service URL from HTTP headers. An attacker controlling headers (e.g., Host, X-Forwarded-* or similar) can influence the service URL used to validate tickets, potentially enabling authentication to a victim’s CAS...
CVE-2022-39369 Service Hostname Discovery Exploitation in phpCAS
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...