CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

Github Security Blog•added 2020/09/15 8:16 p.m.•70 views

Authorization Bypass in Spring Security

When using Spring Security's CAS Proxy ticket authentication a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is...

9.8CVSS8.3AI score0.00359EPSS

Exploits0References5Affected Software1

OSV•added 2020/09/15 8:16 p.m.•27 views

GHSA-WMV4-5W76-VP9G Authorization Bypass in Spring Security

9.8CVSS8.2AI score0.00359EPSS

Exploits0References5

UbuntuCve•added 2017/05/25 5:29 p.m.•30 views

CVE-2014-3527

When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the...

9.8CVSS7.2AI score0.00359EPSS

Exploits0References3

NVD•added 2017/05/25 5:29 p.m.•22 views

CVE-2014-3527

9.8CVSS9.5AI score0.00359EPSS

Exploits0References1

Prion•added 2017/05/25 5:29 p.m.•12 views

Design/Logic Flaw

7.5CVSS6.8AI score0.00359EPSS

Exploits0References1Affected Software1

CVE•added 2017/05/25 5:0 p.m.•81 views

CVE-2014-3527

The CVE-2014-3527 issue affects Spring Security’s CAS Proxy ticket authentication (versions 3.1 to 3.2.4). The root cause is that the proxy ticket authentication relies on HttpServletRequest data that can be populated from untrusted information, enabling a malicious CAS service to bypass access c...

9.8CVSS8.2AI score0.00359EPSS

Exploits0References1Affected Software1

Cvelist•added 2017/05/25 5:0 p.m.•22 views

CVE-2014-3527

9.4AI score0.00359EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by