CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score confidence: Low

EPSS percentile: 60.9%

A vulnerability in the phpCAS::setUrl() function of the phpCAS authentication library is related to the use of HTTP headers to determine the URL of the service used to validate tickets. This allows an attacker to control the Host header and use a valid ticket to authenticate to a phpCAS-protected service. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to a user's account.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | php-pear-cas | < 1.6.1-1 | UNKNOWN |