PT-2010-5216 · Ca · Ca Arcserve Replication/High Availability+3

Abdulaziz Hariri · Published 2010-12-09 · Updated 2018-10-10 · CVE-2010-3984

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CA XOsoft Replication versions r12.0 SP1 through r12.5 SP2 rollup
CA XOsoft High Availability versions r12.0 SP1 through r12.5 SP2 rollup
CA XOsoft Content Distribution versions r12.0 SP1 through r12.5 SP2 rollup
CA ARCserve Replication and High Availability (RHA) version r15.0 SP1

Description

The issue allows remote attackers to execute arbitrary code via a crafted create session bab operation in a SOAP request to the "xosoapapi.asmx" endpoint.

Recommendations

For each affected product (CA XOsoft Replication, CA XOsoft High Availability and CA XOsoft Content Distribution versions r12.0 SP1 through r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) version r15.0 SP1), consider disabling the create session bab operation in the SOAP request to the "xosoapapi.asmx" endpoint until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2010-3984
ZDI-10-263

Affected products

Ca Arcserve Replication/High Availability
Ca Xosoft Content Distribution
Ca Xosoft High Availability
Ca Xosoft Replication