CVE-2017-1000071

Опубликовано: 17 июл. 2017

Источник: debian

EPSS Низкий

Описание

Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
php-cas	fixed	1.3.6-1		package
php-cas	no-dsa		stretch	package
php-cas	no-dsa		jessie	package
php-cas	no-dsa		wheezy	package

Примечания

https://github.com/Jasig/phpCAS/issues/228
Fixed by: https://github.com/apereo/phpCAS/commit/c9ba00327fd0ac8faecc62ce150c1986022856cd
The vulnerability only exists when the server is affected by
another very old vulnerability fixed in 2010.

EPSS

Процентиль: 48%

0.00249

Низкий

Связанные уязвимости

CVE-2017-1000071

CVSS3: 8.1

ubuntu

больше 8 лет назад

Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.

CVE-2017-1000071

CVSS3: 8.1

nvd

больше 8 лет назад

Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.

GHSA-fwrj-8jg7-7jr6

CVSS3: 8.1

github

больше 3 лет назад

Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.

EPSS

Процентиль: 48%

0.00249

Низкий