PT-2011-3318 · Ca · Ca Siteminder

Published

2011-04-27

Updated

2021-04-12

CVE-2011-1718

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions CA SiteMinder R6 versions prior to SP6 CR2 CA SiteMinder R12 versions prior to SP3 CR2

Description The issue is related to the Web Agents component, which does not properly handle multi-line headers. This allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.

Recommendations For CA SiteMinder R6 versions prior to SP6 CR2, update to SP6 CR2 or later to resolve the issue. For CA SiteMinder R12 versions prior to SP3 CR2, update to SP3 CR2 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2011-1718

Affected Products

Ca Siteminder

PT-2011-3318 · Ca · Ca Siteminder

CVE-2011-1718

Weakness Enumeration

Related Identifiers

Affected Products

References · 10