CVE-2012-1104: Improper Privilege Management in Project Phpcas

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.2% (top 52.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 5; Latest update Apr 23

Description

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services is managed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (4 packages)

CVEListV5: jasig_project/phpcas 1.2.2
Ubuntu: glpi-project/glpi < 0.84.3+dfsg.1-1
NVD: apereo/phpcas 1.2.2
Ubuntu: moodle/moodle < 2.5.4-1ubuntu1

Also affects: Debian Linux 8.0

🔴 Vulnerability Details (2)

GHSA
GHSA-w256-hx99-6r3x: A Security Bypass vulnerability exists in the phpCAS 1 (2022-04-23)
OSV
CVE-2012-1104: A Security Bypass vulnerability exists in the phpCAS 1 (2019-12-05)

💥 Exploits & PoCs (1)

Exploit-DB
Apple iOS 7.0.2 - Sim Lock Screen Display Bypass (2013-10-15)

💬 Community (3)

Bugzilla
CVE-2012-1104 php-pear-CAS: Improper management of service proxying (2012-03-08)
Bugzilla
CVE-2012-1104 CVE-2012-1105 php-pear-CAS various flaws [epel-all] (2012-03-08)
Bugzilla
CVE-2012-1104 CVE-2012-1105 php-pear-CAS various flaws [fedora-all] (2012-03-08)