CVE-2014-3527

CWE-287Improper AuthenticationCWE-348CWE-2907 documents6 sources
Severity
9.8CRITICAL
EPSS
0.4%
top 41.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pivotal Spring SecurityVmware Spring Security
Timeline
PublishedMay 25
Latest updateSep 15

Description

When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those res

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDvmware/spring_security10 versions+9
CVEListV5pivotal/spring_security3.1 to 3.2.4

🔴Vulnerability Details

3
GHSA
Authorization Bypass in Spring Security2020-09-15
OSV
Authorization Bypass in Spring Security2020-09-15
CVEList
CVE-2014-3527: When using the CAS Proxy ticket authentication from Spring Security 32017-05-25

📋Vendor Advisories

1
Red Hat
CAS: Access control bypass via untrusted infomation usage in proxy ticket authentication2014-07-24

💬Community

2
Bugzilla
CVE-2014-3527 springframework-security: Spring Security CAS: Access control bypass via untrusted infomation usage in proxy ticket authentication [fedora-all]2014-08-19
Bugzilla
CVE-2014-3527 Spring Security CAS: Access control bypass via untrusted infomation usage in proxy ticket authentication2014-08-19
CVE-2014-3527 (CRITICAL CVSS 9.8) | When using the CAS Proxy ticket aut | cvebase.io