Phpcas
by Jasig
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000071 | Hig | 0.53 | 8.1 | 0.04 | Jul 17, 2017 | Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. | ||
| CVE-2012-1104 | 0.00 | — | 0.02 | Dec 5, 2019 | A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed. | |||
| CVE-2012-5583 | 0.00 | — | 0.01 | Jun 6, 2014 | phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |
- risk 0.53cvss 8.1epss 0.04
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
- CVE-2012-1104Dec 5, 2019risk 0.00cvss —epss 0.02
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.
- CVE-2012-5583Jun 6, 2014risk 0.00cvss —epss 0.01
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.