Summary
This host is running CA SiteMinder and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to CA SiteMinder R6 SP6 CR8, R12 SP3 CR9 or later.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={A7DA8AC2-E9B4-4DDE-B828-098E0955A344}
Insight
The flaw is due to improper validation of user-supplied input passed to the 'target' POST parameter in login.fcc (when 'postpreservationdata' is set to 'fail'), which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
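The defect class described above, modelled as a small added example written for this page (it is not SiteMinder's login.fcc code; only the parameter names 'target' and 'postpreservationdata' come from the advisory). A constructed form-collector page re-emits the 'target' value into a hidden field after a failed login. The vulnerable renderer copies the value into the attribute verbatim; the hardened one first checks it against an assumed allow-list for site-relative paths and then HTML-encodes it for the attribute context. A regression check reports whether a value carrying HTML metacharacters comes back unencoded.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed model of a login page that re-emits the 'target' POST parameter on a
# failed login (postpreservationdata=fail). Illustrative code written for this page,
# not SiteMinder's login.fcc; only the parameter names come from the advisory.

# Assumed policy: 'target' must be a site-relative path (starts with a single '/').
SAFE_TARGET = re.compile(r"^/(?!/)[A-Za-z0-9_\-./?=&%]*$")


def target_from(form_body: str) -> str:
    """Pull the raw 'target' value out of a URL-encoded POST body."""
    return parse_qs(form_body, keep_blank_values=True).get("target", [""])[0]


def render_fail_page_vulnerable(form_body: str) -> str:
    """Reflects 'target' verbatim into an attribute: the defect class the advisory describes."""
    target = target_from(form_body)
    return ('<form method="POST" action="login.fcc">'
            f'<input type="hidden" name="target" value="{target}">'
            '<input type="hidden" name="postpreservationdata" value="fail">'
            '</form>')


def render_fail_page_fixed(form_body: str) -> str:
    """Validate against the allow-list, then encode for the HTML attribute context."""
    target = target_from(form_body)
    if not SAFE_TARGET.match(target):
        target = "/"                          # unexpected shape: fall back to a fixed default
    safe = html.escape(target, quote=True)    # quote=True also encodes " and '
    return ('<form method="POST" action="login.fcc">'
            f'<input type="hidden" name="target" value="{safe}">'
            '<input type="hidden" name="postpreservationdata" value="fail">'
            '</form>')


def reflects_markup(form_body: str, page: str) -> bool:
    """Regression check: True if a 'target' value carrying HTML metacharacters
    reappears in the response byte-for-byte, i.e. without encoding."""
    target = target_from(form_body)
    return any(c in target for c in '<>"\'') and target in page


# Constructed sample POST bodies: one with a harmless markup probe, one benign.
SAMPLE_BODY = ("target=%2Fapp%2Fhome%22%3E%3Cscript%3Eprobe()%3C%2Fscript%3E"
               "&postpreservationdata=fail")
BENIGN_BODY = "target=%2Fapp%2Fhome%3Fnext%3D1&postpreservationdata=fail"

if __name__ == "__main__":
    print("vulnerable reflects markup:",
          reflects_markup(SAMPLE_BODY, render_fail_page_vulnerable(SAMPLE_BODY)))
    print("fixed reflects markup:     ",
          reflects_markup(SAMPLE_BODY, render_fail_page_fixed(SAMPLE_BODY)))
    print("benign target survives:    ",
          'value="/app/home?next=1"' in render_fail_page_fixed(BENIGN_BODY))
```

The allow-list step matters on its own: a redirect-style parameter has a known shape, so rejecting anything that is not a site-relative path removes the metacharacters before encoding is even reached, and encoding then covers whatever the allow-list still lets through (for example '&' in a query string, which becomes '&amp;' inside the attribute).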
Affected
CA SiteMinder R6 SP6 CR7 and earlier
CA SiteMinder R12 SP3 CR8 and earlier
Severity
Classification
CVE: CVE-2011-4054
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N