Description
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
References
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:broadcom:siteminder:12.0:sp3:cr01:*:*:*:*:*
cpe:2.3:a:ca:siteminder:6:sp5_cr35:*:*:*:*:*:*
EPSS
Percentile: 74%
0.00835
Low
4.3 Medium
CVSS2
Weaknesses
CWE-20
Related vulnerabilities
github
more than 3 years ago
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.