SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2014-4172

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 9.8		CVSS Score : 7.5
Exploit Score: 3.9		Exploit Score: 10.0
Impact Score: 5.9		Impact Score: 6.4

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: PARTIAL
Confidentiality: HIGH		Availability: PARTIAL
Integrity: HIGH
Availability: HIGH

Reference:

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718

https://bugzilla.redhat.com/show_bug.cgi?id=1131350

https://exchange.xforce.ibmcloud.com/vulnerabilities/95673

https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d

https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814

https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog

https://github.com/Jasig/phpCAS/pull/125

https://issues.jasig.org/browse/CASC-228

https://www.debian.org/security/2014/dsa-3017.en.html

https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html


30479



423868



248392



909



195452



282