Executive Summary
Summary | |
---|---|
Title | CA Siteminder login.fcc form xss vulnerability |
Informations | |||
---|---|---|---|
Name | VU#713012 | First vendor Publication | 2011-12-07 |
Vendor | VU-CERT | Last vendor Modification | 2011-12-09 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#713012CA Siteminder login.fcc form xss vulnerabilityOverviewCA Siteminder R6 SP6 CR7, R12 SP3 CR8 and possibly previous versions, are vulnerable to a reflective cross site scripting (XSS) vulnerability.I. DescriptionAccording to CA's website: "CA SiteMinder provides a centralized security management foundation that enables the secure use of the web to deliver applications and cloud services to customers, partners, and employees." CA Siteminder software fails to sanitize POST requests sent to the login.fcc form. As a result, stored and reflective cross site scripting (XSS) attacks can be conducted. An attacker can inject javascript code that will be run each time the specified webpage is accessed by inserting javascript code in the affected parameter. According to the reporter the login.fcc webpage and postpreservationdata parameter is affected by a reflective XSS vulnerability, postpreservationdata=fail&target="><script>alert(1)</script><"II. ImpactAn attacker with access to the CA Siteminder can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.III. SolutionThe vendor has confirmed that this vulnerability has been addressed in SiteMinder R6 SP6 CR8 and SiteMinder R12 SP3 CR9.Restrict access
Referenceshttp://www.ca.com/us/web-access-management.aspx CreditThanks to Jon Passki of Aspect Security for reporting this vulnerability. This document was written by Michael Orlando. Other Information
|
Original Source
Url : http://www.kb.cert.org/vuls/id/713012 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-12-19 | Name : CA SiteMinder 'target' Parameter Cross-Site Scripting Vulnerability File : nvt/secpod_ca_siteminder_target_param_xss_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
77570 | CA SiteMinder login.fcc target Parameter XSS CA SiteMinder contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'target' parameter upon submission to the login.fcc script when 'postpreservationdata' is set to fail. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |