Submit #557110: Apereo CAS v5.2.6 ReDoS regular expression engine denial of service

Title: Apereo CAS v5.2.6 ReDoS regular expression engine denial of service
Description:
1. Vulnerability Name: Apereo CAS application has a ReDoS regular expression engine denial of service vulnerability.
2. Vulnerability Level: Medium.
3. Vulnerability Discoverer and Contributor: 蔡超雄 (caichaoxiong)
4. Vulnerability Description: The query parameters of the Apereo CAS v5.2.6 management console (cas-management) are controllable, and malicious attackers can use carefully constructed regular expressions to exhaust server resources.
5. Vulnerability Risk: Sending a large number of requests with malicious regular expressions will cause all threads in the thread pool to execute regular expression matching, consuming a large amount of CPU resources, making it impossible to respond to normal requests, resulting in a denial of service attack.
Source: https://wx.mail.qq.com/s?k=lzDuxVkSRXUZ0bwZEG
User: caichaoxiong (UID 84060)
Submission: 04/12/2025 16:19 (1 year ago)
Moderation: 04/26/2025 10:07 (14 days later)
Status: Accepted
VulDB entry: 306321 [Apereo CAS 5.2.6 ResponseEntity Query redos]
Points: 17
