Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2011-2667
Last Modified: 21 Sep 2011 11:32:09
Published: 28 Jul 2011 06:55:02
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-2667

Summary

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.

Vulnerable Systems

Application

  • CA Gateway Security 8.1

  • CA Total Defense r12


References

CONFIRM - https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5E404992-6B58-4C44-A29D-027D05B6285D}

XF - totaldefense-gateway-url-code-execution(68736)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-11-237/

BID - 48813

BUGTRAQ - 20110720 CA20110720-01: Security Notice for CA Gateway Security and Total Defense

BUGTRAQ - 20110720 ZDI-11-237: CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability

SECTRACK - 1025813

SECTRACK - 1025812

SREASON - 8316

SECUNIA - 45332


Last Updated: 27 May 2016 10:57:04