Improper input validation in Broadcom Siteminder

CVE-2011-1718

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.008 (75.0th percentile) — read the EPSS interpretation.

Affected products

Broadcom Siteminder — versions 12.0
Ca Siteminder — versions 6
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

20110421 CA20110420-01: Security Notice for CA SiteMinder (mailing-list, x_refsource_BUGTRAQ)
8227 (x_refsource_SREASON, third-party-advisory)
47520 (vdb-entry, x_refsource_BID)
ADV-2011-1067 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
siteminder-headers-spoofing(66906) (vdb-entry, x_refsource_XF)
1025423 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM)
44218 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)