CVE-2011-1718

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:broadcom:siteminder:12.0:sp3:cr01:*:*:*:*:*
cpe:2.3:a:ca:siteminder:6:sp5_cr35:*:*:*:*:*:*

History

21 Nov 2024, 01:26

Type Values Removed Values Added
References () http://secunia.com/advisories/44218 - Vendor Advisory () http://secunia.com/advisories/44218 - Vendor Advisory
References () http://securityreason.com/securityalert/8227 - () http://securityreason.com/securityalert/8227 -
References () http://securitytracker.com/id?1025423 - () http://securitytracker.com/id?1025423 -
References () http://www.securityfocus.com/archive/1/517626/100/0/threaded - () http://www.securityfocus.com/archive/1/517626/100/0/threaded -
References () http://www.securityfocus.com/bid/47520 - () http://www.securityfocus.com/bid/47520 -
References () http://www.vupen.com/english/advisories/2011/1067 - Vendor Advisory () http://www.vupen.com/english/advisories/2011/1067 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/66906 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/66906 -
References () https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B1BF29B14-C5FB-4BD3-9113-68E2426E4381%7D - () https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B1BF29B14-C5FB-4BD3-9113-68E2426E4381%7D -

07 Nov 2023, 02:07

Type Values Removed Values Added
References
  • {'url': 'https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={1BF29B14-C5FB-4BD3-9113-68E2426E4381}', 'name': 'https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={1BF29B14-C5FB-4BD3-9113-68E2426E4381}', 'tags': ['Broken Link'], 'refsource': 'CONFIRM'}
  • () https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B1BF29B14-C5FB-4BD3-9113-68E2426E4381%7D -

Information

Published : 2011-04-27 01:25

Updated : 2024-11-21 01:26


NVD link : CVE-2011-1718

Mitre link : CVE-2011-1718

CVE.ORG link : CVE-2011-1718


JSON object : View

Products Affected

broadcom

  • siteminder

ca

  • siteminder
CWE
CWE-20

Improper Input Validation