Lucene search
K
ApereoPhpcas

9 matches found

CVE
CVE
added 2020/01/24 6:29 p.m.127 views

CVE-2014-4172

The CVE-2014-4172 issue affects Jasig Java CAS Client (<3.3.2), .NET CAS Client (<1.0.2), and phpCAS (

9.8CVSS8.9AI score0.06057EPSS
Web
CVE
CVE
added 2022/11/01 12:0 a.m.109 views

CVE-2022-39369

The CVE-2022-39369 issue concerns the phpCAS library, where the client determines the service URL from HTTP headers. An attacker controlling headers (e.g., Host, X-Forwarded-* or similar) can influence the service URL used to validate tickets, potentially enabling authentication to a victim’s CAS...

8CVSS8AI score0.01064EPSS
CVE
CVE
added 2019/12/05 6:26 p.m.73 views

CVE-2012-1105

CVE-2012-1105: A information-disclosure vulnerability exists in the Jasig php-pear-CAS 1.2.2 package where the Central Authentication Service client library archives the debug logging file insecurely in /tmp, exposing partial confidentiality. Affected component: phpCAS library; root cause: insecu...

5.5CVSS5AI score0.00464EPSS
CVE
CVE
added 2019/12/05 5:49 p.m.66 views

CVE-2012-1104

CVE-2012-1104 affects phpCAS (Central Authentication Service) library version 1.2.2 from the Jasig project, where the security bypass arises from how proxying of services is managed. The vulnerability enables bypass of certain security controls due to the proxying logic rather than a flaw in the ...

5.3CVSS5AI score0.01712EPSS
CVE
CVE
added 2017/07/13 8:0 p.m.61 views

CVE-2017-1000071

CVE-2017-1000071 affects Jasig phpCAS 1.3.4. The vulnerability is an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. Connected sources confirm the affected component and scenario, but do not provide exploit details or a confirmed patc...

8.1CVSS8.1AI score0.03527EPSS
CVE
CVE
added 2010/10/07 8:21 p.m.60 views

CVE-2010-3691

CVE-2010-3691 affects phpCAS (in Moodle) prior to version 1.1.3. When proxy mode is enabled, PGTStorage/pgt-file.php is vulnerable to a local symlink attack that allows a local user to overwrite arbitrary files. The exposed component is phpCAS in Moodle installations, with potential for file over...

3.3CVSS6.1AI score0.00353EPSS
CVE
CVE
added 2010/10/07 8:21 p.m.58 views

CVE-2010-3690

CVE-2010-3690 refers to multiple cross-site scripting (XSS) flaws in the phpCAS library used by Moodle, exploitable when proxy mode is enabled. The vulnerabilities allow remote attackers to inject arbitrary script/HTML via the Proxy Granting Ticket IOU parameter to the callback (client.php) or th...

4.3CVSS5.4AI score0.02515EPSS
CVE
CVE
added 2014/06/06 2:0 p.m.57 views

CVE-2012-5583

CVE-2012-5583 affects the phpCAS library before 1.3.2. The issue is that the client does not verify that the server hostname matches a domain name in the X.509 certificate (CN or SAN), enabling MITM–style spoofing with arbitrary valid certificates. Affected software: phpCAS prior to 1.3.2. Impact...

5.8CVSS6.3AI score0.00585EPSS
CVE
CVE
added 2010/10/07 8:21 p.m.55 views

CVE-2010-3692

CVE-2010-3692 refers to a directory traversal vulnerability in the callback function of phpCAS before 1.1.3. When proxy mode is enabled, an attacker can abuse the Proxy Granting Ticket IOU parameter (PGTiou) to create or overwrite arbitrary files on the remote server. The issue is tied to the php...

6.4CVSS6.6AI score0.03626EPSS