Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2011-1654
Last Modified: 20 Apr 2011 12:00:00
Published: 18 Apr 2011 11:00:43
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-1654

Summary

Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.

Vulnerable Systems

Application

  • CA Total Defense r12


References

CONFIRM - https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}

XF - totaldefense-fileuploadhandler-file-upload(66726)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-11-126/

VUPEN - ADV-2011-0977

BID - 47357

BUGTRAQ - 20110413 CA20110413-01: Security Notice for CA Total Defense

BUGTRAQ - 20110413 ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability

SECTRACK - 1025353

SECUNIA - 44097


Last Updated: 27 May 2016 10:56:23