CVE-2011-1654
CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability
Descriptions
Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Endpoint. Authentication is not required to exploit it.
The specific flaw exists within CA.Itm.Server.ManagementWS.dll. The GUID parameter of an upload request to FileUploadHandler.ashx is used to build a file path without being sanitized, so directory traversal sequences in that parameter let a remote, unauthenticated attacker write a file to an arbitrary location on the Management Server; a file dropped into a served directory is then executed in the security context of the CA Total Defense Heartbeat Web service. The Heartbeat Web service listens on TCP port 8008 for HTTP and TCP port 44344 for HTTPS.
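The following is an added example, not code from CA or from the advisory text above. It models the bug class described here (a client-supplied GUID used as a path component by an upload handler, so that `..` sequences escape the upload directory) next to a hardened resolver that validates the parameter's shape, canonicalises it, and proves the final path stays under the upload root. The upload root, the IIS web root, the extension allowlist and the handler function names are hypothetical stand-ins; this page does not document the Management Server's real directory layout. Windows path semantics are used via `ntpath` because the affected component is an ASP.NET handler.

```python
"""
Added example for CVE-2011-1654's bug class (path traversal through an upload
parameter).  Not CA's code.  All paths, names and the extension list below are
assumptions made for illustration.
"""
import ntpath
import re
import uuid
from urllib.parse import parse_qs

# Hypothetical upload root of the Heartbeat Web Service (assumption).
UPLOAD_ROOT = r"C:\Program Files\CA\TotalDefense\ManagementWS\Uploads"

# Canonical hyphenated GUID and nothing else: no braces, slashes or percent signs.
GUID_RE = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")
# Plain file names only; a leading dot (and therefore "..") is not allowed.
SAFE_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")
# Hypothetical allowlist of what a heartbeat client is expected to upload;
# server-side script types such as .aspx are deliberately absent.
ALLOWED_EXT = {".xml", ".log", ".dat"}


def guid_from_query(query: str) -> str:
    """Extract the GUID parameter from a raw query string, URL-decoded exactly once."""
    params = parse_qs(query, keep_blank_values=True)
    values = params.get("GUID") or params.get("guid") or [""]
    return values[0]


def vulnerable_target_path(guid: str, filename: str) -> str:
    """The flawed pattern: the client-supplied GUID becomes a path component as-is."""
    return ntpath.normpath(ntpath.join(UPLOAD_ROOT, guid, filename))


def hardened_target_path(guid: str, filename: str) -> str:
    """Validate shape first, canonicalise, then prove the result stays under UPLOAD_ROOT."""
    if not GUID_RE.fullmatch(guid):
        raise ValueError(f"GUID rejected: {guid!r}")
    canonical = str(uuid.UUID(guid))          # lower-case, hyphenated form
    name = ntpath.basename(filename)          # drop any directory part the client sent
    if not SAFE_NAME_RE.fullmatch(name):
        raise ValueError(f"file name rejected: {filename!r}")
    if ntpath.splitext(name)[1].lower() not in ALLOWED_EXT:
        raise ValueError(f"extension not allowed: {name!r}")
    target = ntpath.normpath(ntpath.join(UPLOAD_ROOT, canonical, name))
    root = ntpath.normpath(UPLOAD_ROOT)
    # Defence in depth: even if a check above is loosened later, never write outside the root.
    if not target.lower().startswith(root.lower() + ntpath.sep):
        raise ValueError(f"path escapes upload root: {target!r}")
    return target


def handle_upload(query: str, filename: str, hardened: bool = True) -> str:
    """Resolve where an upload request would be written; raises ValueError when rejected."""
    guid = guid_from_query(query)
    resolver = hardened_target_path if hardened else vulnerable_target_path
    return resolver(guid, filename)


def is_rejected(query: str, filename: str) -> bool:
    """True when the hardened handler refuses the request."""
    try:
        handle_upload(query, filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed requests, not captured traffic.
    benign = "GUID=3F2504E0-4F89-11D3-9A0C-0305E82C3301"
    traversal = "GUID=..%5c..%5c..%5c..%5c..%5cinetpub%5cwwwroot"
    print(handle_upload(benign, "report.xml"))
    print(handle_upload(traversal, "shell.aspx", hardened=False))  # lands in the web root
    for q, f in ((traversal, "shell.aspx"), (benign, "shell.aspx")):
        try:
            handle_upload(q, f)
        except ValueError as err:
            print("rejected:", err)
```

The hardened path rejects the traversal payload at the GUID shape check, but the later containment test is kept on purpose: a format regex is the kind of check that gets relaxed during maintenance, and normalising the joined path and comparing it against the root catches the escape regardless of how the components were validated. The extension allowlist addresses the second half of the advisory, the "subsequently execute" step: even a write confined to the upload directory is a code-execution primitive if that directory is served and server-side script types are accepted.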
CVSS Scores
SSVC
- Decision: -
Timeline
- 2011-04-06 CVE Reserved
- 2011-04-13 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-10 EPSS Updated
- Exploited in Wild: not recorded
- KEV Due Date: not recorded
- First Exploit: not recorded
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://securitytracker.com/id?1025353 | Vdb Entry | |
http://www.securityfocus.com/archive/1/517488/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/517494/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/47357 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-11-126 | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/66726 | Vdb Entry | |
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/44097 | 2023-11-07 | |
http://www.vupen.com/english/advisories/2011/0977 | 2023-11-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Broadcom | Total Defense | r12 | - | Affected |