Info

Disclosure

Dec 09, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

CleverPath Portal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the Login Page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, CA has released a patch QI70871 to address this vulnerability.

Products

Computer Associates International, Inc.

CleverPath Portal

4.7

References

Bugtraq ID: 15783
Secunia Advisory ID: 17962
CVE ID: 2005-4150 (see also: NVD)
ISS X-Force ID: 23536
VUPEN Advisory: ADV-2005-2822
Other Advisory URL: http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QI70871

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/21575