|
|
Family: CGI abuses : XSS --> Category: attack
SiteMinder Multiple Cross-Site Scripting Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple cross-site scripting vulnerabilities in SiteMinder
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI script that is affected by
several cross-site scripting vulnerabilities.
Description :
The remote host is running SiteMinder, an access-management solution
from Netegrity / Computer Associates.
The installed version of SiteMinder suffers from several cross-site
scripting flaws in its 'smpwservicescgi.exe' script. A possible hacker can
exploit these flaws to inject arbitrary HTML and script code into the
browsers of users of the affected application, thereby leading to
cookie theft, site mis-representation, and similar attacks.
See also :
http://archives.neohapsis.com/archives/bugtraq/2005-07/0112.html
http://archives.neohapsis.com/archives/bugtraq/2005-07/0163.html
Solution :
Unknown at this time.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:H/Au:NR/C:N/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
