Apereo CVE - OpenCVE

Filtered by vendor Apereo Subscribe

Total 46 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2012-5583	1 Apereo	1 Phpcas	2026-06-16	5.8 MEDIUM	N/A
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2012-1105	3 Apereo, Debian, Fedoraproject	3 Phpcas, Debian Linux, Fedora	2026-06-16	2.1 LOW	5.5 MEDIUM
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
CVE-2012-1104	3 Apereo, Debian, Linux	3 Phpcas, Debian Linux, Linux Kernel	2026-06-16	5.0 MEDIUM	5.3 MEDIUM
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.
CVE-2010-3692	1 Apereo	1 Phpcas	2026-06-16	6.4 MEDIUM	N/A
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
CVE-2010-3691	1 Apereo	1 Phpcas	2026-06-16	3.3 LOW	N/A
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
CVE-2010-3690	1 Apereo	1 Phpcas	2026-06-16	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.

Vulnerabilities (CVE)