Apr 27, 2011 - 1:25 a.m.

CVE-2011-1718

2011-04-27 01:25:33
CWE-20
mitre
web.nvd.nist.gov
cve-2011-1718, web agents, ca siteminder, r6, sp6 cr2, r12, sp3 cr2, impersonation attacks, privilege escalation

CVSS2: 4.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score: 6.6
Confidence: Low

EPSS: 0.005
Percentile: 75.5%

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.

Affected configurations

Nvd
Node: broadcom siteminder Match 12.0 sp3 cr01 OR ca siteminder Match 6 sp5_cr35

Vendor | Product | Version | CPE
broadcom | siteminder | 12.0 | cpe:2.3:a:broadcom:siteminder:12.0:sp3:cr01:*:*:*:*:*
ca | siteminder | 6 | cpe:2.3:a:ca:siteminder:6:sp5_cr35:*:*:*:*:*:*
