Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CA SiteMinder Web Agents用户假冒漏洞
Vulnerability Description
Computer Associates SiteMinder是一款企业Web应用的安全与管理技术基础之一,具有管理用户身份验证及访问权限的集中式安全基础架构。 CA SiteMinder SP6 CR2之前的R6版本和SP3 CR2之前的R12版本中的Web Agents组件不能正确处理多行头字段。远程认证用户通过发送特制的数据可伪造其他用户,导致未授权访问。
CVSS Information
N/A
Vulnerability Type
N/A