{"vuid":"VU#713012","idnumber":"713012","name":"CA Siteminder login.fcc form xss vulnerability","keywords":["ca","siteminder","xss"],"overview":"CA Siteminder R6 SP6 CR7, R12 SP3 CR8 and possibly previous versions, are vulnerable to a reflective cross site scripting (XSS) vulnerability.","clean_desc":"According to CA's website: \"CA SiteMinder provides a centralized security management foundation that enables the secure use of the web to deliver applications and cloud services to customers, partners, and employees.\" CA Siteminder software fails to sanitize POST requests sent to the login.fcc form. As a result, stored and reflective cross site scripting (XSS) attacks can be conducted. An attacker can inject javascript code that will be run each time the specified webpage is accessed by inserting javascript code in the affected parameter. According to the reporter the login.fcc webpage and postpreservationdata parameter is affected by a reflective XSS vulnerability, postpreservationdata=fail&target=\"><script>alert(1)</script><\"","impact":"An attacker with access to the CA Siteminder can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.","resolution":"The vendor has confirmed that this vulnerability has been addressed in SiteMinder R6 SP6 CR8 and SiteMinder R12 SP3 CR9.","workarounds":"Restrict access As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent XSS or CSRF attacks since the attack comes as an HTTP request from a legitimate user's host. Restricting access would prevent an attacker from accessing a CA Siteminder using stolen credentials from a blocked network location.","sysaffected":"","thanks":"Thanks to Jon Passki of Aspect Security for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["h","t","t","p",":","/","/","w","w","w",".","c","a",".","c","o","m","/","u","s","/","w","e","b","-","a","c","c","e","s","s","-","m","a","n","a","g","e","m","e","n","t",".","a","s","p","x"],"cveids":["CVE-2011-4054"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-02-16T18:56:42Z","publicdate":"2011-12-07T00:00:00Z","datefirstpublished":"2011-12-07T13:19:28Z","dateupdated":"2011-12-09T14:00:15Z","revision":18,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"13","cam_impact":"8","cam_easeofexploitation":"6","cam_attackeraccessrequired":"4","cam_scorecurrent":"0.1404","cam_scorecurrentwidelyknown":"1.0764","cam_scorecurrentwidelyknownexploited":"2.0124","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.1404,"vulnote":null}