Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-1655
Last Modified 20 Apr 2011 12:00:00
Published 18 Apr 2011 11:00:43
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1655

Summary

The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.

Vulnerable Systems

Application

  • CA Total Defense r12


References

CONFIRM - https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}

XF - totaldefense-uncsw-code-execution(66727)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-11-127/

VUPEN - ADV-2011-0977

BID - 47356

BUGTRAQ - 20110413 CA20110413-01: Security Notice for CA Total Defense

BUGTRAQ - 20110413 ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability

SECTRACK - 1025353

SECUNIA - 44097


Last Updated: 27 May 2016 10:56:23