CVE Vulnerabilities

CVE-2014-4172

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Published: Jan 24, 2020 | Modified: Nov 07, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
5.8 IMPORTANT
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.

Weakness

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Affected Software

Name Vendor Start Version End Version
.net_cas_client Apereo * 1.0.2 (excluding)
Java_cas_client Apereo * 3.3.2 (excluding)
Phpcas Apereo * 1.3.3 (excluding)
Php-cas Ubuntu artful *
Php-cas Ubuntu trusty *
Php-cas Ubuntu upstream *
Php-cas Ubuntu utopic *
Php-cas Ubuntu vivid *
Php-cas Ubuntu wily *
Php-cas Ubuntu yakkety *
Php-cas Ubuntu zesty *
Red Hat JBoss Portal 6.2 RedHat cas-client *

Potential Mitigations

References