PT-2011-4014 · Ca · Ca Total Defense+2

Andrea Micalizzi

Publicado

2011-07-20

Atualizado

2021-04-12

CVE-2011-2667

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CA Gateway Security versions prior to 8.1.0.69 CA Total Defense version r12

Description The issue is related to the improper parsing of URLs by Icihttp.exe in CA Gateway Security for HTTP, allowing remote attackers to execute arbitrary code or cause a denial of service through a malformed request, resulting in heap memory corruption and daemon crash.

Recommendations For CA Gateway Security versions prior to 8.1.0.69, update to version 8.1.0.69 or later. For CA Total Defense version r12, consider disabling the Icihttp.exe component until a patch is available. Restrict access to the HTTP packet processing module to minimize the risk of exploitation.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2011-2667

ZDI-11-237

Produtos afetados

Ca Gateway Security

Ca Total Defense

Icihttp.Exe

PT-2011-4014 · Ca · Ca Total Defense+2

CVE-2011-2667

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12