Lucene search
GoogleOSV:DSA-3017-1HistorySep 02, 2014 - 12:00 a.m.
php-cas - security update
2014-09-0200:00:00
Google
osv.dev
12
EPSS
0.024
Percentile
90.0%
Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the
CAS authentication protocol, did not encode tickets before adding them
to an URL, creating a possibility for cross site scripting.
For the stable distribution (wheezy), this problem has been fixed in
version 1.3.1-4+deb7u1.
The unstable distribution (sid) will be fixed soon.
We recommend that you upgrade your php-cas packages.
References
Related
ubuntucve
ubuntucve
CVE-2014-4172
2020-01-24 00:00:00
openvas
openvas
Fedora Update for cas-client FEDORA-2014-9662
2014-08-31 00:00:00
Debian Security Advisory DSA 3017-1 (php-cas - security update)
2014-09-02 00:00:00
Debian: Security Advisory (DSA-3017-1)
2014-09-01 00:00:00
nessus
nessus
Debian DSA-3017-1 : php-cas - security update
2014-09-04 00:00:00
Fedora 20 : cas-client-3.3.3-1.fc20 (2014-9662)
2014-08-30 00:00:00
debian
debian
[SECURITY] [DSA 3017-1] php-cas security update
2014-09-02 16:40:14
veracode
veracode
Cross-site Scripting (XSS)
2020-01-28 05:19:07
prion
prion
Code injection
2020-01-24 19:15:00
debiancve
debiancve
CVE-2014-4172
2020-01-24 19:15:12
fedora
fedora
[SECURITY] Fedora 20 Update: cas-client-3.3.3-1.fc20
2014-08-30 03:58:45
cvelist
cvelist
CVE-2014-4172
2020-01-24 18:29:32
osv
osv
securityvulns
securityvulns
[SECURITY] [DSA 3017-1] php-cas security update
2014-10-15 00:00:00
cve
cve
CVE-2014-4172
2020-01-24 19:15:12
mageia
mageia
Updated php-pear-CAS packages fix CVE-2014-4172
2014-09-24 20:44:28
github
github
nvd
nvd
CVE-2014-4172
2020-01-24 19:15:12
redhat
redhat
(RHSA-2015:1009) Important: Red Hat JBoss Portal 6.2.0 update
2015-05-14 15:12:54