CPANSA-Apache-AuthCAS-2007-01: Apache-AuthCAS vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2007-12-13T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2007-12-13T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | High | |
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
A tainted cookie could be sent by a malicious user and it would be used in an SQL query without protection against SQL injection.
Vulnerabilities
CVE-2007-6342
Vulnerability DescriptionSQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| Weakness | CWE-89 : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Apache-AuthCAS less than 0.5 |
|
Fixed
- Apache-AuthCAS greater than or equal 0.5
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Apache-AuthCAS-2007-01 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2007/cpansa-apache-authcas-2007-01.json - https://metacpan.org/changes/distribution/Apache-AuthCAS external
https://metacpan.org/changes/distribution/Apache-AuthCAS - https://cxsecurity.com/issue/WLB-2007120031 external
https://cxsecurity.com/issue/WLB-2007120031 - CVE-2007-6342 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2007-6342
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Thu Dec 13 00:00:00 2007 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/