Fedora 13 : php-pear-CAS-1.1.2-1.fc13 (2010-12258)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

Security fixes

* Fix a session hijacking hole CVE-2010-2795 [PHPCAS-61]
* callbackurl in proxy mode should be urlencoded, possible XSS CVE-2010-2796 [PHPCAS-67]

Bug fixes

* Fix warnings for SAML responses without attributes [PHPCAS-59]
* Fix duplicate SAML debug output [PHPCAS-64]
* Providing a new ST/PT/SA during an authenticated session will be ignored and a warning will be issued to the debug log. [PHPCAS-61]
* Fix 2 undefined variable notices in serviceWeb() [PHPCAS-68]
* Prevent domxml-php4-to-php5 from being included twice [PHPCAS-48]

Improvement

* Debuglog now contains phpCAS version information [PHPCAS-62]

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=620743
https://bugzilla.redhat.com/show_bug.cgi?id=620751
http://www.nessus.org/u?2f8032eb

Solution :

Update the affected php-pear-CAS package.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 48930 (fedora_2010-12258.nasl)

Bugtraq ID: 42160
42162

CVE ID: CVE-2010-2795
CVE-2010-2796
