CVE-2012-1104
Priority
Medium
Description
In the default configuration a phpCAS protected application allowed any
other cas service with proxy authorization and valid user credentials to
proxy any other phpCAS applications in the same SSO realm.
This is a security flaw since individual applications should check
whether another application is actually authorized to proxy for users in
this particular application.
other cas service with proxy authorization and valid user credentials to
proxy any other phpCAS applications in the same SSO realm.
This is a security flaw since individual applications should check
whether another application is actually authorized to proxy for users in
this particular application.
References
Bugs
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needs-triage |
| Ubuntu 11.10 (Oneiric Ocelot): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | needs-triage |
| Ubuntu 12.10 (Quantal Quetzal): | needs-triage |
| Ubuntu 13.04 (Raring Ringtail): | needs-triage |
| Ubuntu 13.10 (Saucy Salamander): | needs-triage |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needs-triage |
| Ubuntu 11.10 (Oneiric Ocelot): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | needs-triage |
| Ubuntu 12.10 (Quantal Quetzal): | needs-triage |
| Ubuntu 13.04 (Raring Ringtail): | needs-triage |
| Ubuntu 13.10 (Saucy Salamander): | needs-triage |