Vulnerability Description
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netegrity | Siteminder | All versions |
References
- http://curl.haxx.se/mail/archive-2003-05/0172.htmlExploit
- http://www.osvdb.org/30741Exploit
- http://curl.haxx.se/mail/archive-2003-05/0172.htmlExploit
- http://www.osvdb.org/30741Exploit
FAQ
What is CVE-2003-1311?
CVE-2003-1311 is a vulnerability with a CVSS score of 6.8 (MEDIUM). siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick...
How severe is CVE-2003-1311?
CVE-2003-1311 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1311?
Check the references section above for vendor advisories and patch information. Affected products include: Netegrity Siteminder.