Is the Web Agent 12.52.0.142 also affected by the vulnerability fixed in 12.52SP1CR04?
Vulnerability in SMAUTHREASON is Exposed to Attack
The web agent vulnerability in SMAUTHREASON with non-numeric data is
exposed to JSP/JavaScript attack.
STAR Issue: 21589939-01, 21474394-01
RTC Issue: 137831, 137834/DE72676, DE72835
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr04
Yes. You need to upgrade the Web Agent to 12.52SP1CR04.
The 12.52SP1CR04 release provides two fixes:
1 - Execution of code injected into the SMAUTHREASON parameter when
accessing a .fcc form.
2 - Crash of the Web Agent when the hostname exceeds 256
characters.
Here are details about the two issues solved in the above-mentioned
fix:
1 - When running a Web Agent and accessing a .fcc page with code
injected into the SMAUTHREASON parameter, like this:
http://_host.example.com/siteminderagent/forms/login.fcc?SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0)}
a popup appears in the browser because the Web Agent executes the
injected code.
The fix makes the Web Agent refuse to execute the code and report in
its logs:
[09/30/2014][03:43:58][16908895][1403017216][SmFCC.cpp:1271][SmFcc::setup]
[0000000000000000000000008dca411f-102025f-542a5f3e-53a05800-89e35a2d][*10.0.0.1][][][][]
[Warning. SMAUTHREASON parameter value is non-numeric]
2 - When a Web Agent running on SunOne received a request in which the
FQDN of the hostname was longer than 256 characters, the Web Agent
crashed.
With the fix, the Web Agent on SunOne no longer crashes and instead
logs a note that the maximum of 256 characters has been exceeded:
[07/12/2017][14:27:57][17825][2748774176][CSmHttpPlugin.cpp:5301]
[Hostname length exceeds maximum length per RFC:1035 sHost: ][][][][][][]
[TestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWeb
ServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServer
TestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTest
WebServerTestWebServerTestWebServerTestWebServer.example.com]
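The following is an added example, not CA/Broadcom code and not the shipped login.fcc: it models the two input checks the fix introduces, using the attack URL and the long hostname quoted in the answer. The .fcc script fragment, the function names, and the substitution of a safe default value of 0 are assumptions made for illustration; the 256-character limit follows the page's description (RFC 1035 section 2.3.4 itself states 255 octets for a name). The "before" rendering shows the attacker's text landing verbatim in the script block; the "after" rendering shows what a numeric-only check does with it.

```python
"""Added example (not CA/Broadcom code): models the SMAUTHREASON numeric
check and the hostname length check described in the 12.52SP1CR04 fix."""
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical .fcc script fragment. The real login.fcc layout is not on the
# page; this one only shows where $$smauthreason$$ is substituted.
FCC_TEMPLATE = (
    "<script>\n"
    "function drop(){ if (7 == $$smauthreason$$) { document.forms[0].submit(); } }\n"
    "</script>\n"
)

# Constructed attacker URL, the same shape as the one quoted in the answer.
ATTACK_URL = (
    "http://host.example.com/siteminderagent/forms/login.fcc"
    "?SMAUTHREASON=1)alert(document.cookie);}function+drop(){if(0)}"
)

# Limit as the page describes it (RFC 1035 2.3.4 gives 255 octets per name).
MAX_HOSTNAME = 256


def smauthreason_from_url(url):
    """Return the decoded SMAUTHREASON query value ('' if absent)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("SMAUTHREASON", [""])[0]


def render_unchecked(template, reason):
    """Pre-fix behaviour: the raw parameter value is pasted into the script."""
    return template.replace("$$smauthreason$$", reason)


def render_checked(template, reason, log):
    """Post-fix behaviour: only a decimal integer is substituted. Anything
    else is logged and replaced by the assumed safe default 0."""
    if not re.fullmatch(r"[0-9]+", reason):
        log.append("[Warning. SMAUTHREASON parameter value is non-numeric]")
        reason = "0"
    return template.replace("$$smauthreason$$", reason)


def hostname_ok(host, log):
    """Reject a hostname longer than MAX_HOSTNAME instead of processing it."""
    if len(host) > MAX_HOSTNAME:
        log.append(
            "[Hostname length exceeds maximum length per RFC:1035 sHost: ][%s]" % host
        )
        return False
    return True


def demo():
    """Run both checks on constructed input; returns (before, after, log)."""
    log = []
    reason = smauthreason_from_url(ATTACK_URL)
    before = render_unchecked(FCC_TEMPLATE, reason)
    after = render_checked(FCC_TEMPLATE, reason, log)
    # Constructed hostname of the kind shown in the second log excerpt.
    long_host = "TestWebServer" * 20 + ".example.com"
    hostname_ok(long_host, log)
    return before, after, log


if __name__ == "__main__":
    before, after, log = demo()
    print("--- unchecked render ---\n" + before)
    print("--- checked render ---\n" + after)
    print("--- log ---\n" + "\n".join(log))
```

In the unchecked rendering the payload's leading `1)` closes the comparison, the `}` closes `drop`, and `function drop(){if(0)` reopens a function that absorbs the rest of the template, so the attacker's `alert(document.cookie)` sits in script position inside the served page. The checked rendering never lets a non-numeric value reach the script at all, which is the same outcome the fixed agent's "SMAUTHREASON parameter value is non-numeric" warning reports.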