CVE-2010-3692
Published: 7 October 2010
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
Notes
Author | Note |
---|---|
sbeattie | fixed in php-cas 1.1.3 |
Priority
Status
Package | Release | Status |
---|---|---|
glpi Launchpad, Ubuntu, Debian | dapper | Does not exist |
glpi | hardy | Ignored (end of life) |
glpi | jaunty | Ignored (end of life) |
glpi | karmic | Ignored (end of life) |
glpi | lucid | Ignored (end of life) |
glpi | maverick | Ignored (end of life) |
glpi | natty | Ignored (end of life) |
glpi | oneiric | Ignored (end of life) |
glpi | precise | Not vulnerable (0.80.7-1) |
glpi | quantal | Ignored (end of life) |
glpi | raring | Ignored (end of life) |
glpi | saucy | Ignored (end of life) |
glpi | trusty | Does not exist (trusty was not-affected [0.80.7-1]) |
glpi | upstream | Released (0.80) |
glpi | utopic | Ignored (end of life) |
glpi | vivid | Ignored (end of life) |
glpi | wily | Ignored (end of life) |
glpi | xenial | Not vulnerable (0.80.7-1) |
glpi | yakkety | Not vulnerable (0.80.7-1) |
moodle Launchpad, Ubuntu, Debian | dapper | Ignored (end of life) |
moodle | hardy | Ignored (end of life) |
moodle | jaunty | Ignored (end of life) |
moodle | karmic | Ignored (end of life) |
moodle | lucid | Ignored (end of life) |
moodle | maverick | Ignored (end of life) |
moodle | natty | Ignored (end of life) |
moodle | oneiric | Ignored (end of life) |
moodle | precise | Not vulnerable (1.9.9.dfsg2-5) |
moodle | quantal | Not vulnerable (1.9.9.dfsg2-5) |
moodle | raring | Not vulnerable (1.9.9.dfsg2-5) |
moodle | saucy | Not vulnerable (1.9.9.dfsg2-5) |
moodle | trusty | Does not exist (trusty was not-affected [1.9.9.dfsg2-5]) |
moodle | upstream | Needs triage |
moodle | utopic | Not vulnerable (1.9.9.dfsg2-5) |
moodle | vivid | Not vulnerable (1.9.9.dfsg2-5) |
moodle | wily | Not vulnerable (1.9.9.dfsg2-5) |
moodle | xenial | Not vulnerable (1.9.9.dfsg2-5) |
moodle | yakkety | Not vulnerable (1.9.9.dfsg2-5) |