ID de Prueba:	1.3.6.1.4.1.25623.1.0.703017
Categoría:	Debian Local Security Checks
Título:	Debian Security Advisory DSA 3017-1 (php-cas - security update)
Resumen:	Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the;CAS authentication protocol, did not encode tickets before adding them;to an URL, creating a possibility for cross site scripting.
Descripción:	Summary: Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the CAS authentication protocol, did not encode tickets before adding them to an URL, creating a possibility for cross site scripting. Affected Software/OS: php-cas on Debian Linux Solution: For the stable distribution (wheezy), this problem has been fixed in version 1.3.1-4+deb7u1. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your php-cas packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4172 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718 https://bugzilla.redhat.com/show_bug.cgi?id=1131350 https://exchange.xforce.ibmcloud.com/vulnerabilities/95673 https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814 https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog https://github.com/Jasig/phpCAS/pull/125 https://issues.jasig.org/browse/CASC-228 https://www.debian.org/security/2014/dsa-3017.en.html https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html
Copyright	Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.