CVE-2011-1718

EPSS 0.84%
Published 27.04.2011 01:25:33
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Broadcom ≫ Siteminder Version12.0 Updatesp3 Editioncr01

Ca ≫ Siteminder Version6 Updatesp5_cr35

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.84%	0.724

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/44218

Vendor Advisory

http://securityreason.com/securityalert/8227

http://securitytracker.com/id?1025423

http://www.securityfocus.com/archive/1/517626/100/0/threaded

http://www.securityfocus.com/bid/47520

http://www.vupen.com/english/advisories/2011/1067

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/66906

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B1BF29B14-C5FB-4BD3-9113-68E2426E4381%7D

https://nvd.nist.gov/vuln/detail/CVE-2011-1718

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1718

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1718

EUVD