6 matches found
[SECURITY] [DLA 3485-1] php-cas security update
Debian LTS Advisory DLA-3485-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost July 08, 2023 https://wiki.debian.org/LTS Package : php-cas Version : 1.3.6-1+deb10u1 CVE ID : CVE-2022-39369 Debian Bug : 1023571 A vulnerability has been found in phpCAS, a Central...
Debian dla-3487 : fusiondirectory - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3487 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3487-1 [email protected]...
Design/Logic Flaw
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...
CVE-2022-39369
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...
PT-2022-7432 · Phpcas +4 · Phpcas +4
Name of the Vulnerable Software and Affected Versions: phpCAS versions prior to 1.6.0 Description: The phpCAS library uses HTTP headers to determine the service URL used to validate tickets, allowing an attacker to control the host header and use a valid ticket granted for any authorized service ...
phpCAS vulnerable to Service Hostname Discovery Exploitation
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...