PT-2011-3268 · Ca · Ca Total Defense

Andrea Micalizzi

Publicado

2011-04-13

Atualizado

2021-04-12

CVE-2011-1654

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CA Total Defense versions prior to r12 SE2

Description A directory traversal issue exists in the Heartbeat Web Service, allowing remote attackers to execute arbitrary code. This is achieved by using directory traversal sequences in the GUID parameter within an upload request to the "FileUploadHandler.ashx" endpoint.

Recommendations For versions prior to r12 SE2, update to r12 SE2 or later to resolve the issue. As a temporary workaround, consider restricting access to the FileUploadHandler.ashx endpoint to minimize the risk of exploitation. Avoid using the GUID parameter in the affected endpoint until the issue is resolved.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2011-1654

ZDI-11-126

Produtos afetados

Ca Total Defense

PT-2011-3268 · Ca · Ca Total Defense

CVE-2011-1654

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11