|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses >> SiteMinder HTML Page Injection Vulnerability Vulnerability Assessment Details
|
SiteMinder HTML Page Injection Vulnerability |
||
|
Checks for a flaw in SiteMinder Detailed Explanation for this Vulnerability Assessment The remote host is running Netegrity SiteMinder, an access management solution. The remote version of this software is vulnerable to a page injection flaw which may permit a possible hacker to trick users into sending him their username and passwords, by sending them a link to the 'smpwservicescgi.exe' program with a rogue TARGET argument value which will redirect them to an arbitrary website after they authenticated to the remote service. Solution : Upgrade to the newest version of this software Network Security Threat Level: Medium Networks Security ID: 12284 Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security |
||
|
Switches |
|
||
|
No Discussions have been posted on this vulnerability. |