CVE-2012-1105

Summary

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.

Affected Software

VendorProductVersion RangeStatus
Jasig Projectphp-pear-CAS1.2.2affected

Weaknesses

  • Debug log and proxy configuration session data stored in /tmp without proper protection

ADP Enrichment

CVE Program Container

Additional References

References