CVE-2012-1105 — Sensitive Information Exposure in Project Php-pear-cas

CWE-200 — Sensitive Information Exposure7 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 64.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glpi-project Glpi Moodle Jasig Project Php-pear-cas +3 more

Timeline

PublishedDec 5

Latest updateApr 23

Description

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5jasig_project/php-pear-cas1.2.2

▶Ubuntuglpi-project/glpi< 0.84.3+dfsg.1-1

▶Ubuntumoodle/moodle< 2.5.4-1ubuntu1

▶NVDapereo/phpcas1.2.2

Also affects: Fedora 15, 16, Debian Linux 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-rfxh-pjwm-crgg: An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1↗2022-04-23

▶

OSV

CVE-2012-1105: An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1↗2019-12-05

▶

💥Exploits & PoCs

Exploit-DB

Apple iOS 7.0.2 - Sim Lock Screen Display Bypass↗2013-10-15

▶

💬Community

Bugzilla

CVE-2012-1105 php-pear-CAS: Debug log and proxy configuration session data stored in /tmp without proper protection↗2012-03-08

▶

Bugzilla

CVE-2012-1104 CVE-2012-1105 php-pear-CAS various flaws [epel-all]↗2012-03-08

▶

Bugzilla

CVE-2012-1104 CVE-2012-1105 php-pear-CAS various flaws [fedora-all]↗2012-03-08

▶