Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1718

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-1718
Last Modified 21 Sep 2011 11:30:45
Published 26 Apr 2011 09:25:33
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1718

Summary

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.

Vulnerable Systems

Application

  • Ca Siteminder 12.0

  • Ca Siteminder 6


References

CONFIRM - https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={1BF29B14-C5FB-4BD3-9113-68E2426E4381}

XF - siteminder-headers-spoofing(66906)

VUPEN - ADV-2011-1067

BID - 47520

BUGTRAQ - 20110421 CA20110420-01: Security Notice for CA SiteMinder

SECTRACK - 1025423

SREASON - 8227

SECUNIA - 44218


Last Updated: 27 May 2016 10:56:24