CVE-2011-1718

EPSS 0.84%
Veröffentlicht 27.04.2011 01:25:33
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Broadcom ≫ Siteminder Version12.0 Updatesp3 Editioncr01

Ca ≫ Siteminder Version6 Updatesp5_cr35

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.84%	0.724

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/44218

Vendor Advisory

http://securityreason.com/securityalert/8227

http://securitytracker.com/id?1025423

http://www.securityfocus.com/archive/1/517626/100/0/threaded

http://www.securityfocus.com/bid/47520

http://www.vupen.com/english/advisories/2011/1067

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/66906

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B1BF29B14-C5FB-4BD3-9113-68E2426E4381%7D

https://nvd.nist.gov/vuln/detail/CVE-2011-1718

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1718

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1718

EUVD