Netegrity SiteMinder Authentication Bypass Vulnerability
Netegrity has released an upgrade (version 4.11) that addresses this issue, and is the current shipping version. However, the upgrade still does not properly protect content that has no extension in the filename. This content will still be vulnerable to the same disclosure method. To address this, users of SiteMinder should apply the patch or upgrade and then rename any affected files, ading an extension.
The upgrade and patches are available from Netegrity's support site at:
A valid customer ID and password is required. Netegrity customer service can also be reached by telephone at (800)-325-9870