Security vulnerability -XSS : CVE-2007-5923 Vulnerability via SiteMinder


Article ID: 258627


Updated On:

Products

CA Single Sign On Agents (SiteMinder)

Issue/Introduction

Web servers integrated with a 12.52 Web Agent are vulnerable to CVE-2007-5923.

Environment

Release : 12.52

All Webservers

Cause

- https://blog.reigningshells.com/2019/12/reviving-old-cves-reflected-xss-in-ca.html


- https://www.cvedetails.com/cve/CVE-2007-5923/

 

Resolution

-> Log in to WAMUI and search for the ACO used for the web agent.

-> Modify the ACO and add the ACO parameter as below.

"FCCHTMLEncodingChars" and set the value to "\"

-> Save the ACO settings.

-> Stop / Start the web agent.

-> Check the web agent logs; they should display this value as below.

fcchtmlencodingchars='\'.
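
The log check in the last step can be scripted. The following is an added example, not part of the original article or the vendor's tooling: it reports whether the most recently logged fcchtmlencodingchars value is the backslash set in the ACO. Only the fcchtmlencodingchars='<value>' fragment comes from the article; the sample log lines, their layout and the function names are constructed assumptions.

```python
import re
import sys

# Constructed sample log. Only the fragment fcchtmlencodingchars='<value>'
# is taken from the article; timestamps and line layout are assumptions.
SAMPLE_LOG = r"""
[01/Jan/2024:10:00:01] [Info] Agent configuration loaded
[01/Jan/2024:10:00:01] [Info] fcchtmlencodingchars=''.
[01/Jan/2024:10:05:00] [Info] Agent stopped
[01/Jan/2024:10:06:12] [Info] Agent configuration loaded
[01/Jan/2024:10:06:12] [Info] fcchtmlencodingchars='\'.
"""

# Case-insensitive, because the ACO name is mixed case but the log line
# shown in the article is lower case.
PARAM_RE = re.compile(r"fcchtmlencodingchars='([^']*)'", re.IGNORECASE)
EXPECTED = "\\"  # the single backslash the article sets in the ACO


def loaded_values(log_text):
    """Return every logged value of the parameter, oldest first."""
    return [m.group(1) for m in PARAM_RE.finditer(log_text)]


def check_agent_log(log_text, expected=EXPECTED):
    """Return (status, value), status being 'missing', 'mismatch' or 'ok'.

    Only the last entry is compared: earlier entries were written by
    agent starts that predate the ACO change and the Stop / Start.
    """
    values = loaded_values(log_text)
    if not values:
        return "missing", None  # parameter never logged
    current = values[-1]
    return ("ok" if current == expected else "mismatch"), current


if __name__ == "__main__":
    # Usage: python check_fcc.py <path-to-web-agent-log>
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    status, value = check_agent_log(text)
    print(f"{status}: last logged value = {value!r}")
```

A "missing" or "mismatch" result after the restart means the agent is still running with the old ACO settings.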
