Vulnerability Name:

CVE-2014-4172 (CCN-95673)

Assigned:2014-09-01
Published:2014-09-01
Updated:2020-02-12
Summary:A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-74
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2014-4172

Source: MISC
Type: Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html

Source: CCN
Type: BID-69496
Jasig Multiple CAS Clients CVE-2014-4172 Security Bypass Vulnerability

Source: MISC
Type: Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1131350

Source: CCN
Type: Red Hat Bugzilla Bug 1131350
(CVE-2014-4172) CVE-2014-4172 cas-client: Bypass of security constraints via URL parameter injection

Source: MISC
Type: Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95673

Source: XF
Type: UNKNOWN
jasig-cas-cve20144172-sec-bypass(95673)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog

Source: MISC
Type: Third Party Advisory
https://github.com/Jasig/phpCAS/pull/125

Source: MISC
Type: Third Party Advisory
https://issues.jasig.org/browse/CASC-228

Source: CCN
Type: Moodle Security Advisory MSA-14-0033
URL parameter injection in CAS authentication

Source: MISC
Type: Third Party Advisory
https://www.debian.org/security/2014/dsa-3017.en.html

Source: CCN
Type: CAS-User mailing list
[cas-user] CAS Client Security Vulnerability CVE-2014-4172

Source: MISC
Type: Patch, Third Party Advisory
https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-4172

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:apereo:.net_cas_client:*:*:*:*:*:*:*:* (Version < 1.0.2)
  • OR cpe:/a:apereo:java_cas_client:*:*:*:*:*:*:*:* (Version < 3.3.2)
  • OR cpe:/a:apereo:phpcas:*:*:*:*:*:*:*:* (Version < 1.3.3)

Configuration 2:
  • cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:20:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:apereo:phpcas:1.3.2:*:*:*:*:*:*:*
  • AND
  • cpe:/a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.7.0:-:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:com.ubuntu.bionic:def:201441720000000 | V | CVE-2014-4172 on Ubuntu 18.04 LTS (bionic) - medium. | 2020-01-24 |
| oval:com.ubuntu.xenial:def:201441720000000 | V | CVE-2014-4172 on Ubuntu 16.04 LTS (xenial) - medium. | 2020-01-24 |
| oval:org.mitre.oval:def:26505 | P | DSA-3017-1 php-cas - security update | 2014-10-27 |
| oval:com.ubuntu.artful:def:20144172000 | V | CVE-2014-4172 on Ubuntu 17.10 (artful) - medium. | 2014-09-02 |
| oval:com.ubuntu.xenial:def:20144172000 | V | CVE-2014-4172 on Ubuntu 16.04 LTS (xenial) - medium. | 2014-09-02 |
| oval:com.ubuntu.bionic:def:20144172000 | V | CVE-2014-4172 on Ubuntu 18.04 LTS (bionic) - medium. | 2014-09-02 |
| oval:com.ubuntu.disco:def:201441720000000 | V | CVE-2014-4172 on Ubuntu 19.04 (disco) - medium. | 2014-09-02 |
| oval:com.ubuntu.cosmic:def:20144172000 | V | CVE-2014-4172 on Ubuntu 18.10 (cosmic) - medium. | 2014-09-02 |
| oval:com.ubuntu.cosmic:def:201441720000000 | V | CVE-2014-4172 on Ubuntu 18.10 (cosmic) - medium. | 2014-09-02 |
| oval:com.ubuntu.trusty:def:20144172000 | V | CVE-2014-4172 on Ubuntu 14.04 LTS (trusty) - medium. | 2014-09-02 |