SPS affwebservices/router/session resources vulnerable to an XXE injection attack

Document ID:  TEC1317181
Last Modified Date:  07/04/2017


  • CA Single Sign-On


  • CA Single Sign-On:Release:12.52 SP1



I'm running SPS and when reaching the following resource on it




we've found a vulnerability to an XXE injection attack. Indeed, an attacker exploiting this vulnerability is able to retrieve confidential data and access sensitive files on the server, e.g. the Linux "/etc/passwd" file when SPS runs on Linux.


Policy Server 12.52 SP1 CR02
SPS 12.52 SP1

The "affwebservices" component of SiteMinder exposes two SOAP services: router and session. A SOAP request sent to either endpoint can declare an external entity in its DTD and reference that entity inside a parameter. The XML parser resolves the entity, substituting the contents of the referenced system file (/etc/passwd, for example) into the parameter value. The service then fails to convert that value into a valid date/timestamp and throws an exception, but the exception message, including the file contents, is copied into the server's response. This is an error-based XXE: the data is exfiltrated through the fault text rather than through a successful call.
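The following is an added example, not CA's code, that reproduces the mechanism described above in a small SOAP-style service: a `getSession` operation with a `timestamp` parameter (both names are constructed for the demo, not the real affwebservices operation names), a parser that resolves external general entities, and a fault handler that echoes the conversion error. It reads a temporary file with constructed passwd-style content rather than the real `/etc/passwd`. The hardened variant rejects any DOCTYPE, keeps external entity resolution off, and returns a generic fault.

```python
"""Error-based XXE through a SOAP parameter parsed as a timestamp: vulnerable vs hardened.

Added example, not CA's code. The getSession/timestamp parameter and the
passwd-style content are constructed; the file read is a temp file.
"""
import os
import tempfile
import xml.sax
from datetime import datetime
from pathlib import Path
from xml.sax import handler
from xml.sax.handler import ContentHandler

# Constructed stand-in for /etc/passwd (plain text, no XML metacharacters).
FAKE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nsmuser:x:1001:1001::/opt/CA:/bin/sh\n"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"


def write_fake_passwd() -> str:
    """Write FAKE_PASSWD to a temp file and return its absolute path."""
    fd, path = tempfile.mkstemp(prefix="fake-passwd-", suffix=".txt")
    with os.fdopen(fd, "w") as fh:
        fh.write(FAKE_PASSWD)
    return path


def soap_request(timestamp_xml: str, doctype: str = "") -> str:
    """Envelope carrying the (hypothetical) getSession/timestamp parameter."""
    return (
        '<?xml version="1.0"?>\n%s<soap:Envelope xmlns:soap="%s"><soap:Body>'
        "<getSession><timestamp>%s</timestamp></getSession>"
        "</soap:Body></soap:Envelope>" % (doctype, SOAP_NS, timestamp_xml)
    )


def xxe_request(path: str) -> str:
    """Attacker payload: an external entity pointing at a file, referenced in the parameter."""
    doctype = '<!DOCTYPE soap:Envelope [<!ENTITY xxe SYSTEM "%s">]>\n' % Path(path).as_uri()
    return soap_request("&xxe;", doctype)


class _TimestampCollector(ContentHandler):
    """Accumulates the character data of the <timestamp> element."""

    def __init__(self):
        super().__init__()
        self.inside = False
        self.value = ""

    def startElement(self, name, attrs):
        self.inside = name == "timestamp"

    def endElement(self, name):
        if name == "timestamp":
            self.inside = False

    def characters(self, content):
        if self.inside:
            self.value += content


def extract_timestamp(body: str, resolve_external_entities: bool) -> str:
    """Parse with xml.sax; feature_external_ges is the XXE sink (off by default since CPython 3.7.1)."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    collector = _TimestampCollector()
    parser.setContentHandler(collector)
    parser.feed(body)
    parser.close()
    return collector.value


def to_timestamp(value: str) -> datetime:
    """Strict conversion whose error message echoes the offending value, as the article describes."""
    try:
        return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        raise ValueError("cannot convert %r to a timestamp" % value) from None


def vulnerable_service(body: str) -> str:
    """Entities resolved and the exception text copied into the fault: the file contents leak."""
    try:
        to_timestamp(extract_timestamp(body, resolve_external_entities=True))
        return "<ok/>"
    except ValueError as exc:
        return "<soap:Fault><faultstring>%s</faultstring></soap:Fault>" % exc


def hardened_service(body: str) -> str:
    """Refuse any DTD, keep external entities off, and never echo the raw value."""
    if "<!DOCTYPE" in body:
        return "<soap:Fault><faultstring>DTD not permitted</faultstring></soap:Fault>"
    try:
        to_timestamp(extract_timestamp(body, resolve_external_entities=False))
        return "<ok/>"
    except ValueError:
        return "<soap:Fault><faultstring>invalid timestamp</faultstring></soap:Fault>"


def run_demo() -> dict:
    """Run both services against the XXE payload and a benign request, then remove the temp file."""
    path = write_fake_passwd()
    try:
        return {
            "resolved": extract_timestamp(xxe_request(path), True),
            "unresolved": extract_timestamp(xxe_request(path), False),
            "vulnerable": vulnerable_service(xxe_request(path)),
            "hardened": hardened_service(xxe_request(path)),
            "benign": hardened_service(soap_request("2017-04-07T10:00:00")),
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, "->", result)
```

Two things to take from the run: with external entity resolution enabled, the parameter value becomes the whole file and the fault string carries it back to the caller; with it disabled, the entity expands to nothing and the parser does not error, so a service that relies only on that flag still has to avoid echoing unparsed input in its faults. Rejecting DOCTYPEs outright (the substring check here is deliberately simple; in production use the parser's own DTD-disabling switch) closes the internal-subset variants as well.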


This issue is fixed in SPS 12.52SP1CR06


With the fix applied, a request to the affected URL should receive HTTP return code 404.


00424351 DE172435

CA Access Gateway is vulnerable to an XXE injection attack; an attacker is able to retrieve confidential data and access sensitive files on the server, for example the "passwd" file.


Defects fixed in 12.52 SP1 CR06.
