The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ca siteminder 6 |
||
broadcom siteminder 12.0 |