Computer Associates (CA) CleverPath Portal login page cross-site scripting
| cleverpathportal-login-page-xss (23536) |  Medium Risk |
Description:
Computer Associates CleverPath Portal is vulnerable to cross-site scripting. A remote attacker could embed malicious script within a URL request to the login page which, once the link is clicked, would be executed in the victim's Web browser within the security context of the hosting site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Consequences:
Gain Access
Remedy:
Apply Hyper Solution QI70871 available from the Computer Associates SupportConnect Web page. See References.
References:
- CA Support Connect Knowledge Base Fix: QI70871: Cross Scripting Security Risk on Login Page.
- Computer Associates Common Services: CleverPath Portal - Features at a glance.
- BID-15783: Computer Associates CleverPath Portal Login Page Cross-Site Scripting Vulnerability
- CVE-2005-4150: Cross-site scripting (XSS) vulnerability in the portal login page in Computer Associates CleverPath 4.7 allows remote attackers to execute Javascript via unknown vectors.
- OSVDB ID: 21575: CA CleverPath Portal Login Page XSS
- SA17962: CA CleverPath Portal Login Page Cross-Site Scripting Vulnerability
Platforms Affected:
- CA CleverPath Portal 4.7
- HP HP-UX 11i
- IBM AIX 5.1
- Microsoft Windows 2000 Server
- Microsoft Windows 2003 Server
- SUSE SuSE Linux 8.0
- SUSE SuSE Linux 9.0
Reported:
Dec 09, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net