[<prev] [next>] [day] [month] [year] [list]
Message-ID: <D7DDF83751235046BFAC82E1244EB4C8081764BD@usilms23.ca.com>
Date: Tue Jul 19 18:23:13 2005
From: James.Williams at ca.com (Williams, James K)
Subject: Re: SiteMinder Multiple Vulnerabilities (solution)
> List: full-disclosure
> Subject: SiteMinder Multiple Vulnerabilities
> From: c0ntex <c0ntexb () gmail ! com>
> Date: 2005-07-08 14:08:53
>
> $ An open security advisory #10 - Siteminder v5.5
> Vulnerabilities
>
> [...]
This issue is NOT present in out-of-the-box installations of
SiteMinder. All supported versions of SiteMinder have an
agent configuration parameter called "CSSChecking" that is,
by default, set to "YES". A SiteMinder administrator would
have to intentionally set this parameter to "NO" to become
vulnerable to this issue.
The "CSSChecking" configuration parameter has been very well
documented in SiteMinder product documentation since 2001.
This issue is also documented and addressed in a security
advisory posted in October 2002 at this URL:
(URL may wrap)
https://support.netegrity.com/ocp/custom/productdownload/productdownload
.asp?isNodeGroup=null&ProductNumber=735&ParentId=493&groupType=249
Note that SiteMinder customers should continue to go to
support.netegrity.com for product support.
Regards,
kw
Ken Williams ; Vulnerability Research
Computer Associates ; 0xE2941985
A9F9 44A6 B421 FF7D 4000 E6A9 7925 91DF E294 1985
Powered by blists - more mailing lists