Apereo Phpcas
6 CVEs affecting Apereo Phpcas. Latest disclosed: 2022-11-01. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-1000071 | High | 8.1 | 2017-07-17 | Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. |
| CVE-2022-39369 | High | 8.0 | 2022-11-01 | phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS lib… |
| CVE-2012-5583 | | | 2014-06-06 | phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certi… |
| CVE-2010-3692 | | | 2010-10-07 | Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create… |
| CVE-2010-3691 | | | 2010-10-07 | PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecif… |
| CVE-2010-3690 | | | 2010-10-07 | Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script o… |