PT-2010-5216 · Ca · Ca Arcserve Replication/High Availability+3

Abdulaziz Hariri · Published 2010-12-09 · Updated 2018-10-10 · CVE-2010-3984

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CA XOsoft Replication versions r12.0 SP1 through r12.5 SP2 rollup
CA XOsoft High Availability versions r12.0 SP1 through r12.5 SP2 rollup
CA XOsoft Content Distribution versions r12.0 SP1 through r12.5 SP2 rollup
CA ARCserve Replication and High Availability (RHA) version r15.0 SP1

Description

The issue allows remote attackers to execute arbitrary code via a crafted create session bab operation in a SOAP request to the "xosoapapi.asmx" endpoint.

Recommendations

For CA XOsoft Replication versions r12.0 SP1 through r12.5 SP2 rollup, consider disabling the create session bab operation in the SOAP request to the "xosoapapi.asmx" endpoint until a patch is available.
For CA XOsoft High Availability versions r12.0 SP1 through r12.5 SP2 rollup, consider disabling the create session bab operation in the SOAP request to the "xosoapapi.asmx" endpoint until a patch is available.
For CA XOsoft Content Distribution versions r12.0 SP1 through r12.5 SP2 rollup, consider disabling the create session bab operation in the SOAP request to the "xosoapapi.asmx" endpoint until a patch is available.
For CA ARCserve Replication and High Availability (RHA) version r15.0 SP1, consider disabling the create session bab operation in the SOAP request to the "xosoapapi.asmx" endpoint until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2010-3984
ZDI-10-263

Affected Products

Ca Arcserve Replication/High Availability
Ca Xosoft Content Distribution
Ca Xosoft High Availability
Ca Xosoft Replication