"Vulnerability in SMAUTHREASON is Exposed to Attack" in Web Agent 12.52

Article ID: 15117

Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

Is the Web Agent 12.52.0.142 also affected by the vulnerability fixed in 12.52SP1CR04?

  Vulnerability in SMAUTHREASON is Exposed to Attack

  The web agent vulnerability in SMAUTHREASON with non-numeric data is
  exposed to JSP/JavaScript attack.

  STAR Issue: 21589939-01, 21474394-01

  RTC Issue: 137831, 137834/DE72676, DE72835

  https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr04

Environment

Release: ETRSBB99000-12.52-SiteMinder-B to B

Resolution

Yes. You need to upgrade the Web Agent to 12.52SP1CR04.

  The fix provided in 12.52SP1CR04 covers two issues:

  1 - Execution of code injected in the SMAUTHREASON parameter when
      accessing a .fcc form.

  2 - Crash of the Web Agent when the hostname exceeds 256 chars.

  Details about the two issues solved in the above-mentioned fix:

  1 - With a Web Agent running, accessing a .fcc page while trying to
      inject some code, like this:

      http://_host.example.com/siteminderagent/forms/login.fcc?SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0)}

      makes a popup appear in the browser, as the Web Agent executes the
      injected code.

      With the fix, the Web Agent does not execute the code and reports
      in its logs:

      [09/30/2014][03:43:58][16908895][1403017216][SmFCC.cpp:1271][SmFcc::setup]
      [0000000000000000000000008dca411f-102025f-542a5f3e-53a05800-89e35a2d][*10.0.0.1][][][][]
      [Warning. SMAUTHREASON parameter value is non-numeric]

  2 - With a Web Agent running on SunOne, a crash occurred when the agent
      received a request in which the FQDN of the hostname was longer
      than 256 chars.

      With the fix, no crash occurs with the Web Agent on SunOne, and the
      Web Agent shows a note that the maximum of 256 has been exceeded:

      [07/12/2017][14:27:57][17825][2748774176][CSmHttpPlugin.cpp:5301]
      [Hostname length exceeds maximum length per RFC:1035 sHost: ][][][][][][]
      [TestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWeb
       ServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServer
       TestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTest
       WebServerTestWebServerTestWebServerTestWebServer.example.com]
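
The two warnings above can be used for monitoring. The following is an added example, not CA's code: it scans Web Agent log lines for the two warning texts and, for agents not yet upgraded (which log nothing), checks requested URLs for a .fcc form with a non-numeric SMAUTHREASON value. The function names are hypothetical, and it assumes each agent log entry sits on a single line (the excerpts above are wrapped) with fields in the positions shown in those excerpts.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Warning texts exactly as they appear in the article's log excerpts.
AGENT_WARNINGS = (
    "SMAUTHREASON parameter value is non-numeric",
    "Hostname length exceeds maximum length per RFC:1035",
)
FIELD = re.compile(r"\[([^\]]*)\]")  # one bracketed field of an agent log line

def scan_agent_log(lines):
    """Return (date, time, source_location, warning) for each fix-related warning."""
    hits = []
    for line in lines:
        fields = FIELD.findall(line)
        for warning in AGENT_WARNINGS:
            if warning in line and len(fields) >= 5:
                # Positions follow the article's excerpts: date, time, two
                # numeric ids, then source file and line.
                hits.append((fields[0], fields[1], fields[4], warning))
    return hits

def non_numeric_smauthreason(url):
    """True if the URL requests a .fcc form with a SMAUTHREASON value that is not all digits."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(".fcc"):
        return False
    query = parse_qs(parts.query, keep_blank_values=True)
    # Assumption: match the parameter name case-insensitively to be conservative.
    values = [v for k, vs in query.items() if k.upper() == "SMAUTHREASON" for v in vs]
    return any(re.fullmatch(r"[0-9]+", v) is None for v in values)

# Constructed sample: the article's wrapped excerpts joined onto single lines,
# the long hostname replaced by a placeholder, plus one constructed benign entry.
SAMPLE_AGENT_LOG = [
    "[09/30/2014][03:43:58][16908895][1403017216][SmFCC.cpp:1271][SmFcc::setup]"
    "[0000000000000000000000008dca411f-102025f-542a5f3e-53a05800-89e35a2d]"
    "[*10.0.0.1][][][][][Warning. SMAUTHREASON parameter value is non-numeric]",
    "[07/12/2017][14:27:57][17825][2748774176][CSmHttpPlugin.cpp:5301]"
    "[Hostname length exceeds maximum length per RFC:1035 sHost: ][][][][][][]"
    "[<long-hostname>.example.com]",
    "[07/12/2017][14:28:01][17825][2748774176][Example.cpp:1][constructed benign entry]",
]

if __name__ == "__main__":
    for hit in scan_agent_log(SAMPLE_AGENT_LOG):
        print(hit)
```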