Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apereo cas server vulnerabilities and exploits

(subscribe to this query)
8.8
CVSSv3
CVE-2014-2296
XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server prior to 3.4.12.1 and 3.5.x prior to 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.
Apereo Cas Server
NA
CVE-2015-1169
Apereo Central Authentication Service (CAS) Server prior to 3.5.3 allows remote malicious users to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.
Apereo Central Authentication Service
8.1
CVSSv3
CVE-2017-1000071
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
Apereo Phpcas 1.3.4
8
CVSSv3
CVE-2022-39369
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an malicious user to control th...
Apereo PhpcasFedoraproject Fedora 35Fedoraproject Fedora 36Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2023-28857
Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “ssl_client_cert&rdquo...
Apereo Central Authentication Service
7.5
CVSSv3
CVE-2020-7226
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows malicious users to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within ...
Vt CryptacularOracle Webcenter Sites 12.2.1.3.0Oracle Weblogic Server 12.2.1.4.0Oracle Webcenter Sites 12.2.1.4.0Oracle Weblogic Server 14.1.1.0.0Oracle Communications Services Gatekeeper 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectCVE-2024-34001CVE-2024-37018LFICVE-2024-1275CVE-2024-1086CSRFCVE-2024-31030CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook