CVE-2010-2795

phpCAS < 1.1.2 - Authenticated Session Hijacking via Crafted Ticket Value

Title source: llm
STIX 2.1

Description

phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value.

References (19)

Core 19
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2172
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0456
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41240
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40845
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/60894
Patch x_refsource_confirm
https://issues.jasig.org/browse/PHPCAS-61
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2909
Third Party Advisory x_refsource_confirm
https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2261
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42149
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046584.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43427
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/42162
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2234
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42184

Scores

EPSS 0.0226
EPSS Percentile 81.0%

Details

CWE
CWE-20
Status published
Products (35)
joachim_fritschi/phpcas 0.2
joachim_fritschi/phpcas 0.3
joachim_fritschi/phpcas 0.3.1
joachim_fritschi/phpcas 0.3.2
joachim_fritschi/phpcas 0.4
joachim_fritschi/phpcas 0.4.1
joachim_fritschi/phpcas 0.4.2
joachim_fritschi/phpcas 0.4.3
joachim_fritschi/phpcas 0.4.4
joachim_fritschi/phpcas 0.4.5
... and 25 more
Published Aug 05, 2010
Tracked Since Feb 18, 2026