HTTP: HTML Script Tag Embedded in Cookie

This signature detects attempted cross-site scripting attacks. Attackers can create a malicious Web site whose hyperlinks contain embedded HTML, which can violate site security settings. A victim who follows these hyperlinks can allow the attacker to view the victim's Web cookies, which typically contain sensitive information.

Extended Description

Computer Associates SiteMinder Web Agent is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. We were not told which versions are affected. We will update this BID as more information emerges.

Affected Products

Computer_associates siteminder

References

BugTraq: 26375

CVE: CVE-2015-1628

Short Name
HTTP:XSS:HTML-SCRIPT-IN-COOKIE
Severity
Major
Recommended
True
Recommended Action
None
Category
HTTP
Keywords
CA-2000-02 CVE-2007-5923 CVE-2015-1628 Cookie Embedded HTML Script Tag bid:26375 in
Release Date
11/24/2009
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Computer_associates

CVSS Score

4.3
