Apereo CAS Regular Expression Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Apereo CAS version 5.2.6. This issue arises in the ResponseEntity function of the ManageRegisteredServicesMultiActionController class, where inefficient regular expression processing can be exploited to create a denial-of-service condition. The vulnerability can be triggered remotely.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to become unresponsive or slow due to the regular expression engine being overwhelmed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Metric          Score
spread          2.2
impact          2.5
exploitability  5.0
remediation     0.0
relevance       0.0
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.