CVE-2012-1104

Priority
Medium
Description
In the default configuration a phpCAS protected application allowed any
other cas service with proxy authorization and valid user credentials to
proxy any other phpCAS applications in the same SSO realm.
This is a security flaw since individual applications should check
whether another application is actually authorized to proxy for users in
this particular application.
References
Bugs
Package
Source: glpi (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 13.10 (Saucy Salamander):ignored (reached end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 13.10 (Saucy Salamander):ignored (reached end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
More Information

Valid XHTML 1.0 Strict

Updated: 2014-07-17 15:15:14 UTC (commit 8246)