A CRLF injection vulnerability has been identified in the SiteMinder Web Agent component.
As a result, an attacker can inject an arbitrary payload (including JavaScript) into HTTP responses.
This vulnerability occurs with older SiteMinder Web Agents running on IIS or Domino web servers.
Impacted Versions of Web Agent:
- R12.52 SP1 CR11 and below
- R12.8
Impacted Web Servers:
IIS and Domino
Impacted Operating Systems:
Windows
The patch can be downloaded from the link below.
To mitigate this vulnerability, perform the following steps on a Release 12.8 Web Agent for Domino:
1) Download the provided patch and unzip the file.
2) Stop the Domino web server.
3) Take a backup of DOMINOWebAgent.dll from <NETE_WA_ROOT>/bin.
Example path: C:\CA\webagent\win64\bin\DOMINOWebAgent.dll
4) Replace the existing DOMINOWebAgent.dll in <NETE_WA_ROOT>/bin with the new DOMINOWebAgent.dll that is downloaded in Step 1. The binary version of the new DOMINOWebAgent.dll is 12.8.0.2849.
5) Start the Domino web server.
To mitigate this vulnerability, perform the following steps on a Release 12.8 Web Agent for IIS that is running in 64-bit mode:
1) Download the provided patch and unzip the file.
2) Stop the IIS web server.
3) Take a backup of HTTPPlugin.dll from <NETE_WA_ROOT>/bin.
Example path: C:\CA\webagent\win64\bin\HTTPPlugin.dll
4) Replace the existing HTTPPlugin.dll in <NETE_WA_ROOT>/bin with the new HTTPPlugin.dll that is downloaded in Step 1. The binary version of the new HTTPPlugin.dll is 12.8.0.2849.
5) Start the IIS web server.
To mitigate this vulnerability, perform the following steps on a Release 12.52 SP1 CR11 Web Agent for IIS that is running in 64-bit mode:
1) Download the provided patch and unzip the file.
2) Stop the IIS web server.
3) Take a backup of HTTPPlugin.dll from <NETE_WA_ROOT>/bin.
Example path: C:\CA\webagent\win64\bin\HTTPPlugin.dll
4) Replace the existing HTTPPlugin.dll in <NETE_WA_ROOT>/bin with the new HTTPPlugin.dll that is downloaded in Step 1. The binary version of the new HTTPPlugin.dll is 12.52.111.2826.
5) Start the IIS web server.
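To confirm that the replacement in Step 4 of any of the three procedures above actually took effect, the following PowerShell script, added here as an example and not part of the vendor advisory, reads the file version of the installed agent binaries and compares it against the patched build numbers the advisory lists (12.8.0.2849 for the 12.8 agents, 12.52.111.2826 for the 12.52 SP1 CR11 IIS agent). It assumes the binaries live under <NETE_WA_ROOT>\bin as the example paths show, and that a later build in the same release line is at least as new as the listed patch; the function name Test-WebAgentPatchLevel and the fallback install path are choices made for this example.

```powershell
# Added example (not part of the advisory): check whether the installed SiteMinder
# Web Agent plugin binaries are at or above the patched build numbers listed above.
# Assumption: binaries are located under <NETE_WA_ROOT>\bin; NETE_WA_ROOT is read
# from the environment or passed in explicitly.

function Test-WebAgentPatchLevel {
    param(
        [string]$WebAgentRoot = $env:NETE_WA_ROOT
    )

    if (-not $WebAgentRoot) {
        # Fallback to the advisory's example install location (assumption, adjust as needed)
        $WebAgentRoot = 'C:\CA\webagent\win64'
    }

    # Minimum patched build per binary and per release line, as stated in the advisory.
    # The Domino patch is only provided for the 12.8 release line.
    $minimum = @{
        'HTTPPlugin.dll'     = @{ '12.8' = [version]'12.8.0.2849'; '12.52' = [version]'12.52.111.2826' }
        'DOMINOWebAgent.dll' = @{ '12.8' = [version]'12.8.0.2849' }
    }

    $results = foreach ($name in $minimum.Keys) {
        $path = Join-Path (Join-Path $WebAgentRoot 'bin') $name
        if (-not (Test-Path -LiteralPath $path)) {
            # The agent for this web server type is simply not installed here.
            [pscustomobject]@{ Binary = $name; Path = $path; Version = $null; Status = 'NotInstalled' }
            continue
        }

        # Build a [version] from the numeric parts of the PE version resource so the
        # comparison does not depend on how the FileVersion string is formatted.
        $vi = (Get-Item -LiteralPath $path).VersionInfo
        $installed = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        $line = "$($installed.Major).$($installed.Minor)"

        if (-not $minimum[$name].ContainsKey($line)) {
            # Release line not covered by this patch (see the NOTE in the advisory).
            $status = 'ReleaseNotCoveredByPatch'
        } elseif ($installed -ge $minimum[$name][$line]) {
            $status = 'Patched'
        } else {
            $status = 'Unpatched'
        }

        [pscustomobject]@{ Binary = $name; Path = $path; Version = $installed; Status = $status }
    }

    return $results
}

# Usage: print a per-binary report and return a non-zero exit code if any
# installed agent binary is still below the patched build.
$report = Test-WebAgentPatchLevel
$report | Format-Table -AutoSize
if ($report | Where-Object { $_.Status -in @('Unpatched', 'ReleaseNotCoveredByPatch') }) {
    exit 1
}
```

Run the script after restarting the web server in Step 5; a binary reported as Unpatched means the DLL in <NETE_WA_ROOT>\bin was not replaced (for example because a 32-bit or secondary install directory was edited instead), and ReleaseNotCoveredByPatch means the agent is on a release line for which this patch does not apply and an upgrade is needed first.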
NOTE: This patch is only applicable to 12.52 SP1 CR11 and 12.8 release agents. We highly recommend that you upgrade your agents and apply the patch.
Also, it is always recommended to follow the cross-site scripting prevention measures described in the documentation below.