Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2015-1169
Last Modified: 11 Feb 2015 02:47:17
Published: 10 Feb 2015 03:59:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2015-1169

Summary

Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.

Vulnerable Systems

Application

  • Apereo Central Authentication Service 3.5.2


References

CONFIRM - https://issues.jasig.org/browse/CAS-1429

CONFIRM - https://github.com/Jasig/cas/pull/411

CONFIRM - https://github.com/Jasig/cas/commit/7de61b4c6244af9ff8e75a2c92a570f3b075309c

FULLDISC - 20150121 CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards.

MISC - http://packetstormsecurity.com/files/130053/CAS-Server-3.5.2-LDAP-Authentication-Bypass.html


Last Updated: 27 May 2016 11:07:46