PT-2011-3268 · Ca · Ca Total Defense

Andrea Micalizzi

Published

2011-04-13

Updated

2021-04-12

CVE-2011-1654

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CA Total Defense versions prior to r12 SE2

Description A directory traversal issue exists in the Heartbeat Web Service, allowing remote attackers to execute arbitrary code. This is achieved by using directory traversal sequences in the GUID parameter within an upload request to the "FileUploadHandler.ashx" endpoint.

Recommendations For versions prior to r12 SE2, update to r12 SE2 or later to resolve the issue. As a temporary workaround, consider restricting access to the FileUploadHandler.ashx endpoint to minimize the risk of exploitation. Avoid using the GUID parameter in the affected endpoint until the issue is resolved.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2011-1654

ZDI-11-126

Affected Products

Ca Total Defense

PT-2011-3268 · Ca · Ca Total Defense

CVE-2011-1654

Weakness Enumeration

Related Identifiers

Affected Products

References · 11