Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-4172

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.

Published

2020-01-24T19:15:12.010

Last Modified

2024-11-21T02:09:38.420

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-74

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apereo	.net_cas_client	< 1.0.2	Yes
Application	apereo	java_cas_client	< 3.3.2	Yes
Application	apereo	phpcas	< 1.3.3	Yes
Operating System	debian	debian_linux	7.0	Yes
Operating System	fedoraproject	fedora	20	Yes

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html Third Party Advisory ([email protected])
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1131350 Issue Tracking, Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/95673 Third Party Advisory, VDB Entry ([email protected])
https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d Patch, Third Party Advisory ([email protected])
https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814 Patch, Third Party Advisory ([email protected])
https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog Release Notes, Third Party Advisory ([email protected])
https://github.com/Jasig/phpCAS/pull/125 Third Party Advisory ([email protected])
https://issues.jasig.org/browse/CASC-228 Third Party Advisory ([email protected])
https://www.debian.org/security/2014/dsa-3017.en.html Third Party Advisory ([email protected])
https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1131350 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95673 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Jasig/phpCAS/pull/125 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://issues.jasig.org/browse/CASC-228 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2014/dsa-3017.en.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html (af854a3a-2127-422b-91ae-364da2661108)