CVE-2015-1169
Published 2015-02-10
Priority: P347, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.84% (84.9th percentile)
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apereo | central_authentication_service | <= 3.5.2 | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://packetstormsecurity.com/files/130053/CAS-Server-3.5.2-LDAP-Authentication-Bypass.html
http://seclists.org/fulldisclosure/2015/Jan/87
https://github.com/Jasig/cas/commit/7de61b4c6244af9ff8e75a2c92a570f3b075309c
https://github.com/Jasig/cas/pull/411
https://issues.jasig.org/browse/CAS-1429