Skip to main content

Phpcas

3 CVEs product

Monthly

CVE-2022-39369 PHP HIGH PATCH This Week

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Phpcas Fedora
NVD GitHub
CVSS 3.1
8.0
EPSS
1.1%
CVE-2017-1000071 HIGH This Week

Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Phpcas
NVD GitHub
CVSS 3.0
8.1
EPSS
0.2%
CVE-2012-5583 MEDIUM This Month

phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Phpcas
NVD GitHub
CVSS 2.0
5.8
EPSS
0.2%
EPSS 1% CVSS 8.0
HIGH PATCH This Week

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Phpcas +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Phpcas
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM This Month

phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Phpcas
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy