Home > Vulnerability Database > CVE-2010-3692

Mend.io Vulnerability Database

CVE-2010-3692

Date: October 7, 2010

Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.

Language: PHP

Severity Score

6.5

Related Resources (22)

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html

Url: http://www.securityfocus.com/bid/43585

Url: http://secunia.com/advisories/41878

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html

Url: https://forge.indepnet.net/projects/glpi/repository/revisions/12601

Url: http://www.vupen.com/english/advisories/2010/2705

Url: https://issues.jasig.org/browse/PHPCAS-80

Url: https://developer.jasig.org/source/changelog/jasigsvn?cs=21538

Url: http://www.openwall.com/lists/oss-security/2010/10/01/2

Url: http://www.vupen.com/english/advisories/2011/0456

Url: http://www.vupen.com/english/advisories/2010/2909

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html

Url: http://www.openwall.com/lists/oss-security/2010/10/01/5

Url: http://secunia.com/advisories/42184

Url: http://www.debian.org/security/2011/dsa-2172

Url: http://secunia.com/advisories/43427

Url: http://www.openwall.com/lists/oss-security/2010/09/29/6

Url: http://secunia.com/advisories/42149

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-3692

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82

Url: https://www.mend.io/vulnerability-database/CVE-2010-3692

Severity Score

6.5

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.4
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-3692

Date: October 7, 2010

Language: PHP

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?