CVE-2014-4172

CRITICAL

Jasig Java CAS Client <3.3.2, .NET CAS Client <1.0.2, phpCAS <1.3.3 - URL Parameter Injection


Description

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.

References (11)

Core References
Issue Tracking, Third Party Advisory (x_refsource_misc): https://bugzilla.redhat.com/show_bug.cgi?id=1131350
Third Party Advisory (x_refsource_misc): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718
Third Party Advisory (x_refsource_misc): https://github.com/Jasig/phpCAS/pull/125
Third Party Advisory (x_refsource_misc): https://issues.jasig.org/browse/CASC-228
Third Party Advisory (x_refsource_misc): https://www.debian.org/security/2014/dsa-3017.en.html
Third Party Advisory, VDB Entry (x_refsource_misc): https://exchange.xforce.ibmcloud.com/vulnerabilities/95673

Scores

CVSS v3 9.8
EPSS 0.1268
EPSS Percentile 94.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-74
Status published
Products (8)
apereo/.net_cas_client < 1.0.2
apereo/java_cas_client < 3.3.2
apereo/phpcas < 1.3.3
debian/debian_linux 7.0
fedoraproject/fedora 20
jasig/phpcas 0 - 1.3.3 (Packagist)
nuget/DotNetCasClient 0 - 1.0.2 (NuGet)
org.jasig.cas/cas-client 0 - 3.3.2 (Maven)
Published Jan 24, 2020
Tracked Since Feb 18, 2026