XML External Entity (XXE) Vulnerability in Jasig CAS Server with Google Accounts Integration
CVE-2014-2296 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.
Learn more about our Cis Benchmark Audit For Server Software.