Home page logo

bugtraq logo Bugtraq mailing list archives

Re: SiteMinder Multiple Vulnerabilities (solution)
From: "Williams, James K" <James.Williams () ca com>
Date: Tue, 19 Jul 2005 13:24:39 -0400

List:       bugtraq
Subject:    SiteMinder Multiple Vulnerabilities
From:       c0ntex <c0ntexb () gmail ! com>
Date:       2005-07-08 14:03:11

$ An open security advisory #10 - Siteminder v5.5 


This issue is NOT present in out-of-the-box installations of 
SiteMinder.  All supported versions of SiteMinder have an
agent configuration parameter called "CSSChecking" that is,
by default, set to "YES".  A SiteMinder administrator would 
have to intentionally set this parameter to "NO" to become 
vulnerable to this issue.

The "CSSChecking" configuration parameter has been very well 
documented in SiteMinder product documentation since 2001.

This issue is also documented and addressed in a security 
advisory posted in October 2002 at this URL:
(URL may wrap)
.asp?isNodeGroup=null&ProductNumber=735&Pare ntId=493&groupType=249

Note that SiteMinder customers should continue to go to 
support.netegrity.com for product support.

Ken Williams ; Vulnerability Research 
Computer Associates ; 0xE2941985
A9F9 44A6 B421 FF7D 4000 E6A9 7925 91DF E294 1985

  By Date           By Thread  

Current thread:
  • Re: SiteMinder Multiple Vulnerabilities (solution) Williams, James K (Jul 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]