CVE-2012-1105
N/A
N/A
Summary
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jasig Project | php-pear-CAS | 1.2.2 | affected |
Weaknesses
- Debug log and proxy configuration session data stored in /tmp without proper protection
ADP Enrichment
CVE Program Container
Additional References
- https://security-tracker.debian.org/tracker/CVE-2012-1105
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105
- http://www.openwall.com/lists/oss-security/2012/03/05/7
- https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog
- https://www.securityfocus.com/bid/52280
References
- https://security-tracker.debian.org/tracker/CVE-2012-1105
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105
- http://www.openwall.com/lists/oss-security/2012/03/05/7
- https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog
- https://www.securityfocus.com/bid/52280
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.