9 matches found
CVE-2014-4172
The CVE-2014-4172 issue affects Jasig Java CAS Client (<3.3.2), .NET CAS Client (<1.0.2), and phpCAS (
CVE-2022-39369
The CVE-2022-39369 issue concerns the phpCAS library, where the client determines the service URL from HTTP headers. An attacker controlling headers (e.g., Host, X-Forwarded-* or similar) can influence the service URL used to validate tickets, potentially enabling authentication to a victim’s CAS...
CVE-2012-1105
CVE-2012-1105: A information-disclosure vulnerability exists in the Jasig php-pear-CAS 1.2.2 package where the Central Authentication Service client library archives the debug logging file insecurely in /tmp, exposing partial confidentiality. Affected component: phpCAS library; root cause: insecu...
CVE-2012-1104
CVE-2012-1104 affects phpCAS (Central Authentication Service) library version 1.2.2 from the Jasig project, where the security bypass arises from how proxying of services is managed. The vulnerability enables bypass of certain security controls due to the proxying logic rather than a flaw in the ...
CVE-2017-1000071
CVE-2017-1000071 affects Jasig phpCAS 1.3.4. The vulnerability is an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. Connected sources confirm the affected component and scenario, but do not provide exploit details or a confirmed patc...
CVE-2010-3691
CVE-2010-3691 affects phpCAS (in Moodle) prior to version 1.1.3. When proxy mode is enabled, PGTStorage/pgt-file.php is vulnerable to a local symlink attack that allows a local user to overwrite arbitrary files. The exposed component is phpCAS in Moodle installations, with potential for file over...
CVE-2010-3690
CVE-2010-3690 refers to multiple cross-site scripting (XSS) flaws in the phpCAS library used by Moodle, exploitable when proxy mode is enabled. The vulnerabilities allow remote attackers to inject arbitrary script/HTML via the Proxy Granting Ticket IOU parameter to the callback (client.php) or th...
CVE-2012-5583
CVE-2012-5583 affects the phpCAS library before 1.3.2. The issue is that the client does not verify that the server hostname matches a domain name in the X.509 certificate (CN or SAN), enabling MITM–style spoofing with arbitrary valid certificates. Affected software: phpCAS prior to 1.3.2. Impact...
CVE-2010-3692
CVE-2010-3692 refers to a directory traversal vulnerability in the callback function of phpCAS before 1.1.3. When proxy mode is enabled, an attacker can abuse the Proxy Granting Ticket IOU parameter (PGTiou) to create or overwrite arbitrary files on the remote server. The issue is tied to the php...