CA eTrust SiteMinder login.fcc Arbitrary iframe Injection

ID OSVDB:17810
Type osvdb
Reporter OSVDB
Modified 2005-07-08T10:15:20


Technical Description

All supported versions of SiteMinder have an agent configuration parameter called "CSSChecking" that is, by default, set to "YES". A SiteMinder administrator would have to intentionally set this parameter to "NO" to become vulnerable to this issue.


Secunia Advisory ID:15956 Related OSVDB ID: 17809 Mail List Post: Mail List Post: Mail List Post: