XML External Entity (XXE) Vulnerability in Jasig CAS Server with Google Accounts Integration

XML External Entity (XXE) Vulnerability in Jasig CAS Server with Google Accounts Integration

CVE-2014-2296 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.

Learn more about our Cis Benchmark Audit For Server Software.