Описание
phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libphp-cas | itp | package | ||
| glpi | removed | package | ||
| moodle | fixed | 1.9.9.dfsg2-2 | package |
Примечания
Only supported behind an authenticated HTTP zone
Связанные уязвимости
nvd
больше 15 лет назад
phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value.
github
больше 3 лет назад
phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value.