Published: 05/08/2010 Updated: 17/08/2017

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

phpCAS prior to 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value.

Vulnerable Product	Search on Vulmon	Subscribe to Product
joachim fritschi phpcas 1.0.0
joachim fritschi phpcas 0.6.0
joachim fritschi phpcas 0.4.19
joachim fritschi phpcas 0.4.18
joachim fritschi phpcas 1.1.0
joachim fritschi phpcas 1.0.1
joachim fritschi phpcas 0.4.21
joachim fritschi phpcas 0.4.20
joachim fritschi phpcas 0.4.12
joachim fritschi phpcas 0.4.11
joachim fritschi phpcas 0.4.4
joachim fritschi phpcas 0.4.3
joachim fritschi phpcas 0.2
joachim fritschi phpcas
joachim fritschi phpcas 0.4.23
joachim fritschi phpcas 0.4.22
joachim fritschi phpcas 0.4.14
joachim fritschi phpcas 0.4.13
joachim fritschi phpcas 0.4.6
joachim fritschi phpcas 0.4.5
joachim fritschi phpcas 0.3.1
joachim fritschi phpcas 0.3
joachim fritschi phpcas 0.5.1
joachim fritschi phpcas 0.5.0
joachim fritschi phpcas 0.4.16
joachim fritschi phpcas 0.4.15
joachim fritschi phpcas 0.4.8
joachim fritschi phpcas 0.4.7
joachim fritschi phpcas 0.4
joachim fritschi phpcas 0.3.2
joachim fritschi phpcas 0.4.17
joachim fritschi phpcas 0.4.10
joachim fritschi phpcas 0.4.9
joachim fritschi phpcas 0.4.2
joachim fritschi phpcas 0.4.1

Several vulnerabilties have been discovered in phpCAS, a CAS client library for PHP The Moodle course management system includes a copy of phpCAS For the oldstable distribution (lenny), this problem has been fixed in version 1813-3 The stable distribution (squeeze) already contains a fixed version of phpCAS The unstable distribution (sid) alr ...

CWE-20 https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog https://issues.jasig.org/browse/PHPCAS-61 http://www.securityfocus.com/bid/42162 http://secunia.com/advisories/40845 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046584.html http://www.vupen.com/english/advisories/2010/2234 http://secunia.com/advisories/41240 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html http://www.vupen.com/english/advisories/2010/2261 https://forge.indepnet.net/projects/glpi/repository/revisions/12601 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html http://secunia.com/advisories/42149 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html http://www.vupen.com/english/advisories/2010/2909 http://secunia.com/advisories/42184 http://secunia.com/advisories/43427 http://www.debian.org/security/2011/dsa-2172 http://www.vupen.com/english/advisories/2011/0456 https://exchange.xforce.ibmcloud.com/vulnerabilities/60894 https://nvd.nist.gov https://www.debian.org/security/./dsa-2172

CVE-2010-2795

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect