CVE-2003-1311 Information

Description

siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.

Reference

http://curl.haxx.se/mail/archive-2003-05/0172.html [curl-users] 20030529 Re: https redirection and authentication using POST http://www.osvdb.org/30741