Lucene search

[email protected]CVE-2011-1718

HistoryApr 27, 2011 - 1:25 a.m.

CVE-2011-1718

2011-04-2701:25:33

CWE-20

[email protected]

web.nvd.nist.gov

cve-2011-1718

web agents

ca siteminder

sp6 cr2

r12

sp3 cr2

impersonation attacks

privilege escalation

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.7%

JSON

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.

Affected configurations

NVD

Node

broadcomsiteminderMatch12.0sp3cr01

casiteminderMatch6sp5_cr35

CPENameOperatorVersion
broadcom:siteminderbroadcom sitemindereq12.0
ca:siteminderca sitemindereq6

CPE	Name	Operator	Version
broadcom:siteminder	broadcom siteminder	eq	12.0
ca:siteminder	ca siteminder	eq	6

References

secunia.com/advisories/44218

securityreason.com/securityalert/8227

securitytracker.com/id?1025423

www.securityfocus.com/archive/1/517626/100/0/threaded

www.securityfocus.com/bid/47520

www.vupen.com/english/advisories/2011/1067

exchange.xforce.ibmcloud.com/vulnerabilities/66906

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B1BF29B14-C5FB-4BD3-9113-68E2426E4381%7D

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for CVE-2011-1718

nvd1 prion1 securityvulns2 cvelist1