7.5
CVSSv2

CVE-2014-4172

Published: 24/01/2020 Updated: 21/11/2024

Vulnerability Summary

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client prior to 3.3.2, .NET CAS Client prior to 1.0.2, and phpCAS prior to 1.3.3 that allow remote malicious users to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apereo .net cas client

apereo java cas client

apereo phpcas

debian debian linux 7.0

fedoraproject fedora 20

Vendor Advisories

Debian Bug report logs - #759718 php-cas needs to urlencode all tickets (CVE-2014-4172) Package: php-cas; Maintainer for php-cas is Xavier Guimard <yadd@debianorg>; Source for php-cas is src:php-cas (PTS, buildd, popcon) Reported by: "Thijs Kinkhorst" <thijs@debianorg> Date: Fri, 29 Aug 2014 18:00:02 UTC Severity: ...
Marvin S Addison discovered that Jasig phpCAS, a PHP library for the CAS authentication protocol, did not encode tickets before adding them to an URL, creating a possibility for cross site scripting For the stable distribution (wheezy), this problem has been fixed in version 131-4+deb7u1 The unstable distribution (sid) will be fixed soon We r ...