The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Apereo Central Authentication Service Server

Apereo CAS Server: bad PRNG
An attacker can predict the output of the PRNG in Apereo CAS Server, in order to guess secrets or spoof users...
Apereo CAS Server: privilege escalation via /configserver and /cas/status/metrics
An attacker can bypass restrictions via /configserver and /cas/status/metrics of Apereo CAS Server, in order to escalate his privileges...
Jasig CAS Server: security improvement
The security of Jasig CAS Server was improved...
Jasig CAS Server: privilege escalation via statistics
An attacker can use statistics pages of Jasig CAS Server, in order to escalate his privileges...
Apache Commons Collections: code execution via InvokerTransformer
An attacker can send a malicious serialized Gadget Chain object to a Java application using Apache Commons Collections, in order to run shell code...
1119363, 1610582, 1970575, 1971370, 1971531, 1971533, 1971751, 1972261, 1972373, 1972565, 1972794, 1972839, 2011281, 7014463, 7022958, 9010052, BSA-2016-004, bulletinjul2016, c04953244, c05050545, c05206507, c05325823, c05327447, CERTFR-2015-AVI-484, CERTFR-2015-AVI-555, cisco-sa-20151209-java-deserialization, COLLECTIONS-580, cpuapr2017, cpuapr2018, cpujan2017, cpujan2018, cpujul2017, cpuoct2016, cpuoct2017, cpuoct2018, CVE-2015-4852, CVE-2015-6420, CVE-2015-6934, CVE-2015-7420-ERROR, CVE-2015-7450, CVE-2015-7501, CVE-2015-8545, CVE-2015-8765, CVE-2016-1985, CVE-2016-1997, CVE-2016-4373, CVE-2016-4398, DSA-3403-1, HPSBGN03542, HPSBGN03560, HPSBGN03630, HPSBGN03656, HPSBGN03670, JSA10838, NTAP-20151123-0001, RHSA-2015:2500-01, RHSA-2015:2501-01, RHSA-2015:2502-01, RHSA-2015:2516-01, RHSA-2015:2517-01, RHSA-2015:2521-01, RHSA-2015:2522-01, RHSA-2015:2523-01, RHSA-2015:2524-01, RHSA-2015:2534-01, RHSA-2015:2535-01, RHSA-2015:2536-01, RHSA-2015:2537-01, RHSA-2015:2538-01, RHSA-2015:2539-01, RHSA-2015:2540-01, RHSA-2015:2541-01, RHSA-2015:2542-01, RHSA-2015:2547-01, RHSA-2015:2548-01, RHSA-2015:2556-01, RHSA-2015:2557-01, RHSA-2015:2559-01, RHSA-2015:2560-01, RHSA-2015:2578-01, RHSA-2015:2579-01, RHSA-2015:2670-01, RHSA-2015:2671-01, RHSA-2016:0040-01, RHSA-2016:0118-01, RHSA-2020:4274-01, SA110, SB10144, SOL30518307, VIGILANCE-VUL-18294, VMSA-2015-0009, VMSA-2015-0009.1, VMSA-2015-0009.2, VMSA-2015-0009.3, VMSA-2015-0009.4, VU#576313
Jasig CAS Server: Cross Site Scripting
An attacker can trigger a Cross Site Scripting in Jasig CAS Server, in order to run JavaScript code in the context of the web site...
Jasig CAS Server: bypassing LDAP authentication via Wildcard
An attacker can use the wildcard character on Jasig CAS Server, in order to ease a brute force attack on the LDAP directory...
CVE-2015-1169, VIGILANCE-VUL-16020
Jasig CAS Server: bypassing authentication via Google Accounts Integration
An attacker can transmit malicious XML data to Jasig CAS Server with Google Accounts Integration, in order to bypass the authentication...