Netegrity SiteMinder输入验证漏洞

漏洞信息详情

Netegrity SiteMinder输入验证漏洞

• CNNVD编号：CNNVD-200108-142
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-1455
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2001-08-24
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  netegrity
• 漏洞来源：
  Discovery is credi…

Netegrity SiteMinder 3.6到4.5.1版本存在漏洞。远程攻击者可以借助包含Unicode字符的URLs绕过过滤器。

This issue is reportedly not present in Netegrity SiteMinder versions 4.5.1 SP1 and later.
It has been reported but not confirmed that the vendor has released a patch for earlier versions. Users should contact the vendor for details regarding the availability of fixes.

来源:US-CERT Vulnerability Note: VU#837419
名称: VU#837419
链接:http://www.kb.cert.org/vuls/id/837419

来源: XF
名称: siteminder-unicode-bypass(10497)
链接:http://xforce.iss.net/xforce/xfdb/10497

来源: BID
名称: 6060
链接:http://www.securityfocus.com/bid/6060