CERT Coordination Center

Netegrity SiteMinder does not adequately validate user input thereby allowing user to bypass filters via crafted URL

Vulnerability Note VU#837419

Original Release Date: 2002-10-29 | Last Revised: 2002-10-29

Overview

Netegrity SiteMinder does not adequately validate HTTP requests containing malicious Unicode encodings.

Description

Netegrity SiteMinder is a platform for securing multiple web applications through a single point of user authentication. SiteMinder does not properly filter HTTP requests when those requests contain Unicode encodings.

Impact

The complete impact of this vulnerability is not yet known.

Solution

Netegrity has reportedly released a patch, available from:

http://support.netegrity.com/

Acknowledgements

Thanks to the SANS Institute for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs: None
Severity Metric: 2.84
Date Public: 2001-08-24
Date First Published: 2002-10-29
Date Last Updated: 2002-10-29 16:06 UTC
Document Revision: 4

Sponsored by CISA.