Software: phpCAS 1.0.1 to 1.1.1
Fix: addressed in PHPCAS-80
Vulnerabilities: symlink attack, directory traversal, XSS, insecure temporary file creation, theft of authentication credentials
Source: https://issues.jasig.org/browse/PHPCAS-80
http://secunia.com/advisories/41655
Severity: Medium Risk
2010-10-05
2010-08-06
phpCAS
Software: phpCAS 1.1/1.1 RC7/1.1.1
Fix: addressed in PHPCAS-61 and PHPCAS-67
Vulnerabilities: session hijacking, XSS, theft of authentication credentials
Source: https://wiki.jasig.org/display/CASC/phpCAS
https://issues.jasig.org/browse/PHPCAS-61
https://issues.jasig.org/browse/PHPCAS-67
http://www.securityfocus.com/bid/42160
http://www.securityfocus.com/bid/42162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2796
http://secunia.com/advisories/40845
CVE: CVE-2010-2795, CVE-2010-2796
Severity: Medium Risk
2010-03-24
phpCAS
Software: phpCAS 1.0.1
Fix: addressed by updating
Vulnerabilities: XSS
Source: http://www.ja-sig.org/issues/browse/PHPCAS-52
http://www.ja-sig.org/wiki/display/CASC/phpCAS
http://www.securityfocus.com/bid/38883
http://secunia.com/advisories/39055
http://secunia.com/advisories/39086
Severity: Medium Risk