CA20110420-01: Security Notice for CA SiteMinder
Published:
April 21 2011, 01:08 AM
by
Ken Williams
Today, 2011-04-20, we published a security notice to address a vulnerability in CA SiteMinder. The security notice includes information about a medium risk vulnerability that was discovered and reported by April King (april@twoevils.org). The vulnerability could potentially allow a malicious user to send specially crafted data to impersonate another user. Only SiteMinder ISS 6.0 Web Agents are affected. We are not aware of this issue being exploited in the wild. Due to the relative complexity of exploitation, we do not anticipate widespread exploitation activity.
Currently, we have patches available for all supported versions of CA SiteMinder.
The security notice for this vulnerability is published on the CA Technologies Support web site:
CA20110420-01: Security Notice for CA SiteMinder
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={1BF29B14-C5FB-4BD3-9113-68E2426E4381}
Thanks and regards,
Ken Williams, Director
ca technologies Product Vulnerability Response Team
ca technologies Business Unit Operations
wilja22@ca.com
The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies.
By: Ken Williams
Ken Williams is a Director with the CA Vulnerability Research Team. As a veteran vulnerability researcher, Ken has worked as the Director of the CA Vulnerability Research Team and eVM Research Team, Director of Vulnerability Research at eSecurityOnline, Manager of the Vulnerability Research Team at Ernst...
Read More..