CVE - CVE-2010-3692

CVE-ID
CVE-2010-3692	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:41878 URL:http://secunia.com/advisories/41878 MISC:42149 URL:http://secunia.com/advisories/42149 MISC:42184 URL:http://secunia.com/advisories/42184 MISC:43427 URL:http://secunia.com/advisories/43427 MISC:43585 URL:http://www.securityfocus.com/bid/43585 MISC:ADV-2010-2705 URL:~~http://www.vupen.com/english/advisories/2010/2705~~ (Obsolete source) MISC:ADV-2010-2909 URL:~~http://www.vupen.com/english/advisories/2010/2909~~ (Obsolete source) MISC:ADV-2011-0456 URL:~~http://www.vupen.com/english/advisories/2011/0456~~ (Obsolete source) MISC:DSA-2172 URL:http://www.debian.org/security/2011/dsa-2172 MISC:FEDORA-2010-15943 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html MISC:FEDORA-2010-15970 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html MISC:FEDORA-2010-16905 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html MISC:FEDORA-2010-16912 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html MISC:[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback URL:http://www.openwall.com/lists/oss-security/2010/09/29/6 MISC:[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback URL:http://www.openwall.com/lists/oss-security/2010/10/01/2 MISC:[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback URL:http://www.openwall.com/lists/oss-security/2010/10/01/5 MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82 URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82 MISC:https://developer.jasig.org/source/changelog/jasigsvn?cs=21538 URL:https://developer.jasig.org/source/changelog/jasigsvn?cs=21538 MISC:https://forge.indepnet.net/projects/glpi/repository/revisions/12601 URL:https://forge.indepnet.net/projects/glpi/repository/revisions/12601 MISC:https://issues.jasig.org/browse/PHPCAS-80 URL:https://issues.jasig.org/browse/PHPCAS-80
Assigning CNA
Red Hat, Inc.
Date Record Created
20101001	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101001)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.