Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12121
HistoryAug 26, 2009 - 12:00 a.m.

CA SiteMinder GET请求多个跨站脚本漏洞

2009-08-2600:00:00
Root
www.seebug.org
36

EPSS

0.004

Percentile

72.1%

JSON

BUGTRAQ ID: 36086,36088
CVE(CAN) ID: CVE-2009-2704,CVE-2009-2705

CA SiteMinder是一个集中的Web访问管理系统,允许对Web应用和门户执行用户认证、单点登录、认证管理等功能。

SiteMinder没有正确地过滤用户在GET请求中所提交的参数。如果远程攻击者在提交的请求中包含有%00(编码的空字节)或非规范的超长Unicode的话,就可以绕过对J2EE应用的跨站脚本保护措施。

Computer Associates SiteMinder
厂商补丁:

Computer Associates

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.cai.com/


                                                http://www.example.com/app/function?foo=bar%e0%80%bc
http://www.example.com/app/function?foo=bar%00<script>alert(document.cookie)</script>

Related

nvd 2
cve 2
exploitdb 2
prion 2
cvelist 2
nvd
nvd
CVE-2009-2705
2009-08-11 10:30:00
CVE-2009-2704
2009-08-11 10:30:00
cve
cve
CVE-2009-2705
2009-08-11 10:30:00
CVE-2009-2704
2009-08-11 10:30:00
exploitdb
exploitdb
Computer Associates SiteMinder - Unicode Cross-Site Scripting Protection Security Bypass
2009-06-08 00:00:00
Computer Associates SiteMinder - '%00' Cross-Site Scripting Protection Security Bypass
2009-06-08 00:00:00
prion
prion
Cross site scripting
2009-08-11 10:30:00
Cross site scripting
2009-08-11 10:30:00
cvelist
cvelist
CVE-2009-2704
2009-08-11 10:00:00
CVE-2009-2705
2009-08-11 10:00:00

EPSS

0.004

Percentile

72.1%

JSON
Related for SSV:12121
nvd2cve2exploitdb2prion2cvelist2