CVE-2014-4172 - Vulnerability Details

Vendors	Products
Apereo	.net Cas Client Java Cas Client Phpcas
Debian	Debian Linux
Fedoraproject	Fedora
Redhat	Jboss Enterprise Portal Platform

Package	CPE	Advisory	Released Date
Red Hat JBoss Portal 6.2
cas-client	cpe:/a:redhat:jboss_enterprise_portal_platform:6.2	RHSA-2015:1009	2015-05-14T00:00:00Z

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718
https://bugzilla.redhat.com/show_bug.cgi?id=1131350
https://exchange.xforce.ibmcloud.com/vulnerabilities/95673
https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d
https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814
https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog
https://github.com/Jasig/phpCAS/pull/125
https://issues.jasig.org/browse/CASC-228
https://nvd.nist.gov/vuln/detail/CVE-2014-4172
https://www.cve.org/CVERecord?id=CVE-2014-4172
https://www.debian.org/security/2014/dsa-3017.en.html
https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html
https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-24T00:00:00", "descriptions": [{"lang": "en", "value": "A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-24T18:29:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Jasig/phpCAS/pull/125"}, {"tags": ["x_refsource_MISC"], "url": "https://issues.jasig.org/browse/CASC-228"}, {"tags": ["x_refsource_MISC"], "url": "https://www.debian.org/security/2014/dsa-3017.en.html"}, {"tags": ["x_refsource_MISC"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4172", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350"}, {"name": "https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html", "refsource": "MISC", "url": "https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718"}, {"name": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d", "refsource": "MISC", "url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d"}, {"name": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814", "refsource": "MISC", "url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814"}, {"name": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog", "refsource": "MISC", "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"}, {"name": "https://github.com/Jasig/phpCAS/pull/125", "refsource": "MISC", "url": "https://github.com/Jasig/phpCAS/pull/125"}, {"name": "https://issues.jasig.org/browse/CASC-228", "refsource": "MISC", "url": "https://issues.jasig.org/browse/CASC-228"}, {"name": "https://www.debian.org/security/2014/dsa-3017.en.html", "refsource": "MISC", "url": "https://www.debian.org/security/2014/dsa-3017.en.html"}, {"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html", "refsource": "MISC", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:04:28.882Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Jasig/phpCAS/pull/125"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://issues.jasig.org/browse/CASC-228"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.debian.org/security/2014/dsa-3017.en.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4172", "datePublished": "2020-01-24T18:29:32", "dateReserved": "2014-06-17T00:00:00", "dateUpdated": "2024-08-06T11:04:28.882Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-06-24T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-01-24T18:29:32 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1131350 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814 (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/Jasig/phpCAS/pull/125 (string)

}

7 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://issues.jasig.org/browse/CASC-228 (string)

}

8 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.debian.org/security/2014/dsa-3017.en.html (string)

}

9 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html (string)

}

10 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95673 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2014-4172 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=1131350 (string)

refsource : MISC (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1131350 (string)

}

1 : { »

name : https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html (string)

refsource : MISC (string)

url : https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html (string)

}

2 : { »

name : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718 (string)

refsource : MISC (string)

url : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718 (string)

}

3 : { »

name : https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d (string)

refsource : MISC (string)

url : https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d (string)

}

4 : { »

name : https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814 (string)

refsource : MISC (string)

url : https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814 (string)

}

5 : { »

name : https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog (string)

refsource : MISC (string)

url : https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog (string)

}

6 : { »

name : https://github.com/Jasig/phpCAS/pull/125 (string)

refsource : MISC (string)

url : https://github.com/Jasig/phpCAS/pull/125 (string)

}

7 : { »

name : https://issues.jasig.org/browse/CASC-228 (string)

refsource : MISC (string)

url : https://issues.jasig.org/browse/CASC-228 (string)

}

8 : { »

name : https://www.debian.org/security/2014/dsa-3017.en.html (string)

refsource : MISC (string)

url : https://www.debian.org/security/2014/dsa-3017.en.html (string)

}

9 : { »

name : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html (string)

refsource : MISC (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html (string)

}

10 : { »

name : https://exchange.xforce.ibmcloud.com/vulnerabilities/95673 (string)

refsource : MISC (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95673 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T11:04:28.882Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1131350 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814 (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/Jasig/phpCAS/pull/125 (string)

}

7 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://issues.jasig.org/browse/CASC-228 (string)

}

8 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.debian.org/security/2014/dsa-3017.en.html (string)

}

9 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html (string)

}

10 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95673 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2014-4172 (string)

datePublished : 2020-01-24T18:29:32 (string)

dateReserved : 2014-06-17T00:00:00 (string)

dateUpdated : 2024-08-06T11:04:28.882Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apereo:.net_cas_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0D3881B-F7F5-4E0F-B76F-EFA42ECB0E75", "versionEndExcluding": "1.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apereo:java_cas_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A6BA56C-70FF-46A7-8648-E412BEA54EB9", "versionEndExcluding": "3.3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:*", "matchCriteriaId": "949AB748-0980-4F16-8031-42A413597117", "versionEndExcluding": "1.3.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad de inyecci\u00f3n de par\u00e1metros de URL en el paso de validaci\u00f3n de tickets del canal posterior del protocolo CAS en Jasig Java CAS Client versiones anteriores a 3.3.2, .NET CAS Client versiones anteriores a 1.0.2 y phpCAS versiones anteriores a 1.3.3, que permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del (1) par\u00e1metro service en el archivo validation/AbstractUrlBasedTicketValidator.java o del (2) par\u00e1metro pgtUrl en el archivo validation/Cas20ServiceTicketValidator.java."}], "id": "CVE-2014-4172", "lastModified": "2024-11-21T02:09:38.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-24T19:15:12.010", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/Jasig/phpCAS/pull/125"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://issues.jasig.org/browse/CASC-228"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2014/dsa-3017.en.html"}, {"source": "cve@mitre.org", "url": "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/Jasig/phpCAS/pull/125"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://issues.jasig.org/browse/CASC-228"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2014/dsa-3017.en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apereo:.net_cas_client:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D0D3881B-F7F5-4E0F-B76F-EFA42ECB0E75 (string)

versionEndExcluding : 1.0.2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apereo:java_cas_client:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3A6BA56C-70FF-46A7-8648-E412BEA54EB9 (string)

versionEndExcluding : 3.3.2 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 949AB748-0980-4F16-8031-42A413597117 (string)

versionEndExcluding : 1.3.3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 16F59A04-14CF-49E2-9973-645477EA09DA (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:* (string)

matchCriteriaId : FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. (string)

}

1 : { »

lang : es (string)

value : Se detectó una vulnerabilidad de inyección de parámetros de URL en el paso de validación de tickets del canal posterior del protocolo CAS en Jasig Java CAS Client versiones anteriores a 3.3.2, .NET CAS Client versiones anteriores a 1.0.2 y phpCAS versiones anteriores a 1.3.3, que permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del (1) parámetro service en el archivo validation/AbstractUrlBasedTicketValidator.java o del (2) parámetro pgtUrl en el archivo validation/Cas20ServiceTicketValidator.java. (string)

}

]

id : CVE-2014-4172 (string)

lastModified : 2024-11-21T02:09:38.420 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-01-24T19:15:12.010 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718 (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1131350 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95673 (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814 (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

1 : Third Party Advisory (string)

]

url : https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/Jasig/phpCAS/pull/125 (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://issues.jasig.org/browse/CASC-228 (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2014/dsa-3017.en.html (string)

}

10 : { »

source : cve@mitre.org (string)

url : https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1131350 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95673 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814 (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Third Party Advisory (string)

]

url : https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/Jasig/phpCAS/pull/125 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://issues.jasig.org/browse/CASC-228 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2014/dsa-3017.en.html (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.mail-archive.com/cas-user%40lists.jasig.org/msg17338.html (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-74 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2015:1009", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6.2", "package": "cas-client", "product_name": "Red Hat JBoss Portal 6.2", "release_date": "2015-05-14T00:00:00Z"}], "bugzilla": {"description": "cas-client: Bypass of security constraints via URL parameter injection", "id": "1131350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "status": "verified"}, "details": ["A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java."], "name": "CVE-2014-4172", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_linux:7::hypervisor", "fix_state": "Will not fix", "package_name": "jasperreports-server-pro", "product_name": "Red Hat Enterprise Virtualization 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5", "fix_state": "Affected", "package_name": "cas-client", "product_name": "Red Hat JBoss Portal 5"}], "public_date": "2014-08-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-4172\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4172\nhttps://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html"], "threat_severity": "Important"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2015:1009 (string)

cpe : cpe:/a:redhat:jboss_enterprise_portal_platform:6.2 (string)

package : cas-client (string)

product_name : Red Hat JBoss Portal 6.2 (string)

release_date : 2015-05-14T00:00:00Z (string)

}

]

bugzilla : { »

description : cas-client: Bypass of security constraints via URL parameter injection (string)

id : 1131350 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1131350 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 5.8 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:P/I:P/A:N (string)

status : verified (string)

}

details : [ »

0 : A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. (string)

]

name : CVE-2014-4172 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:enterprise_linux:7::hypervisor (string)

fix_state : Will not fix (string)

package_name : jasperreports-server-pro (string)

product_name : Red Hat Enterprise Virtualization 3 (string)

}

1 : { »

cpe : cpe:/a:redhat:jboss_enterprise_portal_platform:5 (string)

fix_state : Affected (string)

package_name : cas-client (string)

product_name : Red Hat JBoss Portal 5 (string)

}

]

public_date : 2014-08-11T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2014-4172 https://nvd.nist.gov/vuln/detail/CVE-2014-4172 https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html (string)

]

threat_severity : Important (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object