cvelist/2010/3xxx/CVE-2010-3692.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2010-3692",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "n/a",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "n/a"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "n/a"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "n/a"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
            "refsource" : "MLIST",
            "url" : "http://www.openwall.com/lists/oss-security/2010/09/29/6"
         },
         {
            "name" : "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
            "refsource" : "MLIST",
            "url" : "http://www.openwall.com/lists/oss-security/2010/10/01/2"
         },
         {
            "name" : "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",
            "refsource" : "MLIST",
            "url" : "http://www.openwall.com/lists/oss-security/2010/10/01/5"
         },
         {
            "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82",
            "refsource" : "CONFIRM",
            "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"
         },
         {
            "name" : "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538",
            "refsource" : "CONFIRM",
            "url" : "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"
         },
         {
            "name" : "https://issues.jasig.org/browse/PHPCAS-80",
            "refsource" : "CONFIRM",
            "url" : "https://issues.jasig.org/browse/PHPCAS-80"
         },
         {
            "name" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601",
            "refsource" : "CONFIRM",
            "url" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
         },
         {
            "name" : "DSA-2172",
            "refsource" : "DEBIAN",
            "url" : "http://www.debian.org/security/2011/dsa-2172"
         },
         {
            "name" : "FEDORA-2010-15943",
            "refsource" : "FEDORA",
            "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"
         },
         {
            "name" : "FEDORA-2010-15970",
            "refsource" : "FEDORA",
            "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"
         },
         {
            "name" : "FEDORA-2010-16905",
            "refsource" : "FEDORA",
            "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
         },
         {
            "name" : "FEDORA-2010-16912",
            "refsource" : "FEDORA",
            "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
         },
         {
            "name" : "43585",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/43585"
         },
         {
            "name" : "41878",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/41878"
         },
         {
            "name" : "42149",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/42149"
         },
         {
            "name" : "42184",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/42184"
         },
         {
            "name" : "43427",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/43427"
         },
         {
            "name" : "ADV-2010-2705",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2010/2705"
         },
         {
            "name" : "ADV-2010-2909",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2010/2909"
         },
         {
            "name" : "ADV-2011-0456",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2011/0456"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
			`"ASSIGNER" : "cve@mitre.org",`
			`"ID" : "CVE-2010-3692",`
			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "n/a",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "n/a"`
			`}`
			`]`
			`}`
			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",`
			`"refsource" : "MLIST",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.openwall.com/lists/oss-security/2010/09/29/6"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",`
			`"refsource" : "MLIST",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.openwall.com/lists/oss-security/2010/10/01/2"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback",`
			`"refsource" : "MLIST",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.openwall.com/lists/oss-security/2010/10/01/5"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "https://developer.jasig.org/source/changelog/jasigsvn?cs=21538"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://issues.jasig.org/browse/PHPCAS-80",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "https://issues.jasig.org/browse/PHPCAS-80"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "DSA-2172",`
			`"refsource" : "DEBIAN",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.debian.org/security/2011/dsa-2172"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "FEDORA-2010-15943",`
			`"refsource" : "FEDORA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "FEDORA-2010-15970",`
			`"refsource" : "FEDORA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "FEDORA-2010-16905",`
			`"refsource" : "FEDORA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "FEDORA-2010-16912",`
			`"refsource" : "FEDORA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "43585",`
			`"refsource" : "BID",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.securityfocus.com/bid/43585"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "41878",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/41878"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "42149",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/42149"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "42184",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/42184"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "43427",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/43427"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "ADV-2010-2705",`
			`"refsource" : "VUPEN",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.vupen.com/english/advisories/2010/2705"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "ADV-2010-2909",`
			`"refsource" : "VUPEN",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.vupen.com/english/advisories/2010/2909"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "ADV-2011-0456",`
			`"refsource" : "VUPEN",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.vupen.com/english/advisories/2011/0456"`
			`}`
			`]`
			`}`
			`}`