The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Apereo CAS Server

Cryptacular: denial of service via CiphertextHeader Decode Operation
An attacker can trigger a fatal error via CiphertextHeader Decode Operation of Cryptacular, in order to trigger a denial of service...
52, CVE-2020-7226, RHSA-2020:2058-01, RHSA-2020:2059-01, RHSA-2020:2060-01, RHSA-2020:2061-01, RHSA-2020:2106-01, RHSA-2020:2107-01, RHSA-2020:2108-01, RHSA-2020:2112-01, RHSA-2020:2113-01, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, VIGILANCE-VUL-31437
Apereo CAS Server: bad PRNG
An attacker can predict the output of the PRNG in Apereo CAS Server, in order to guess secrets or spoof users...
VIGILANCE-VUL-30390
Apereo CAS Server: privilege escalation via /configserver and /cas/status/metrics
An attacker can bypass restrictions via /configserver and /cas/status/metrics of Apereo CAS Server, in order to escalate his privileges...
VIGILANCE-VUL-22026
Jasig CAS Server: security improvement
The security of Jasig CAS Server was improved...
VIGILANCE-VUL-21934
Jasig CAS Server: privilege escalation via statistics
An attacker can use statistics pages of Jasig CAS Server, in order to escalate his privileges...
VIGILANCE-VUL-20739
Apache Commons Collections: code execution via InvokerTransformer
An attacker can send a malicious serialized Gadget Chain object to a Java application using Apache Commons Collections, in order to run shell code...
1119363, 1610582, 1970575, 1971370, 1971531, 1971533, 1971751, 1972261, 1972373, 1972565, 1972794, 1972839, 2011281, 7014463, 7022958, 9010052, BSA-2016-004, bulletinjul2016, c04953244, c05050545, c05206507, c05325823, c05327447, CERTFR-2015-AVI-484, CERTFR-2015-AVI-555, cisco-sa-20151209-java-deserialization, COLLECTIONS-580, cpuapr2017, cpuapr2018, cpujan2017, cpujan2018, cpujul2017, cpuoct2016, cpuoct2017, cpuoct2018, CVE-2015-4852, CVE-2015-6420, CVE-2015-6934, CVE-2015-7420-ERROR, CVE-2015-7450, CVE-2015-7501, CVE-2015-8545, CVE-2015-8765, CVE-2016-1985, CVE-2016-1997, CVE-2016-4373, CVE-2016-4398, DSA-3403-1, HPSBGN03542, HPSBGN03560, HPSBGN03630, HPSBGN03656, HPSBGN03670, JSA10838, NTAP-20151123-0001, RHSA-2015:2500-01, RHSA-2015:2501-01, RHSA-2015:2502-01, RHSA-2015:2516-01, RHSA-2015:2517-01, RHSA-2015:2521-01, RHSA-2015:2522-01, RHSA-2015:2523-01, RHSA-2015:2524-01, RHSA-2015:2534-01, RHSA-2015:2535-01, RHSA-2015:2536-01, RHSA-2015:2537-01, RHSA-2015:2538-01, RHSA-2015:2539-01, RHSA-2015:2540-01, RHSA-2015:2541-01, RHSA-2015:2542-01, RHSA-2015:2547-01, RHSA-2015:2548-01, RHSA-2015:2556-01, RHSA-2015:2557-01, RHSA-2015:2559-01, RHSA-2015:2560-01, RHSA-2015:2578-01, RHSA-2015:2579-01, RHSA-2015:2670-01, RHSA-2015:2671-01, RHSA-2016:0040-01, RHSA-2016:0118-01, RHSA-2020:4274-01, SA110, SB10144, SOL30518307, VIGILANCE-VUL-18294, VMSA-2015-0009, VMSA-2015-0009.1, VMSA-2015-0009.2, VMSA-2015-0009.3, VMSA-2015-0009.4, VU#576313
Jasig CAS Server: Cross Site Scripting
An attacker can trigger a Cross Site Scripting in Jasig CAS Server, in order to run JavaScript code in the context of the web site...
VIGILANCE-VUL-17944
Jasig CAS Server: bypassing LDAP authentication via Wildcard
An attacker can use the wildcard character on Jasig CAS Server, in order to ease a brute force attack on the LDAP directory...
CVE-2015-1169, VIGILANCE-VUL-16020
Jasig CAS Server: bypassing authentication via Google Accounts Integration
An attacker can transmit malicious XML data to Jasig CAS Server with Google Accounts Integration, in order to bypass the authentication...
VIGILANCE-VUL-14512