Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1654


Vulnerability Score 7.5 7.5
CVE Id CVE-2011-1654
Last Modified 20 Apr 2011 12:00:00
Published 18 Apr 2011 11:00:43
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.

Vulnerable Systems


  • Ca Total Defense R12


CONFIRM -{CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}

XF - totaldefense-fileuploadhandler-file-upload(66726)


VUPEN - ADV-2011-0977

BID - 47357

BUGTRAQ - 20110413 CA20110413-01: Security Notice for CA Total Defense

BUGTRAQ - 20110413 ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability

SECTRACK - 1025353

SECUNIA - 44097

Last Updated: 27 May 2016 10:56:23