5.3

CVE-2012-1104

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApereoPhpcas Version1.2.2
   LinuxLinux Kernel Version-
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.71% 0.744
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.openwall.com/lists/oss-security/2012/03/05/7
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104
Third Party Advisory
Issue Tracking
https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog
Third Party Advisory
Release Notes
https://security-tracker.debian.org/tracker/CVE-2012-1104
Third Party Advisory
https://www.securityfocus.com/bid/52279
Third Party Advisory
VDB Entry