Description
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
References (20)
Core References
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2172
Various Sources x_refsource_confirm
https://issues.jasig.org/browse/PHPCAS-80
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0456
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2909
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/43585
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42149
Various Sources x_refsource_confirm
https://forge.indepnet.net/projects/glpi/repository/revisions/12601
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2705
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43427
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/29/6
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html
Various Sources x_refsource_confirm
https://developer.jasig.org/source/changelog/jasigsvn?cs=21538
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41878
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/10/01/5
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/10/01/2
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42184
Scores
EPSS: 0.0363
EPSS Percentile: 88.1%
Details
CWE: CWE-22
Status: published
Products (30)
apereo/phpcas 0.2
apereo/phpcas 0.3
apereo/phpcas 0.3.1
apereo/phpcas 0.3.2
apereo/phpcas 0.4
apereo/phpcas 0.4.1
apereo/phpcas 0.4.8
apereo/phpcas 0.4.9
apereo/phpcas 0.4.10
apereo/phpcas 0.4.11
... and 20 more
Published: Oct 07, 2010
Tracked Since: Feb 18, 2026