Описание
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-1718
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66906
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B1BF29B14-C5FB-4BD3-9113-68E2426E4381%7D
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={1BF29B14-C5FB-4BD3-9113-68E2426E4381}
- http://secunia.com/advisories/44218
- http://securityreason.com/securityalert/8227
- http://securitytracker.com/id?1025423
- http://www.securityfocus.com/archive/1/517626/100/0/threaded
- http://www.securityfocus.com/bid/47520
- http://www.vupen.com/english/advisories/2011/1067
Связанные уязвимости
nvd
почти 15 лет назад
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.