PT-2011-4014 · Ca · Ca Total Defense+2

Andrea Micalizzi

Published

2011-07-20

Updated

2021-04-12

CVE-2011-2667

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CA Gateway Security versions prior to 8.1.0.69 CA Total Defense version r12

Description The issue is related to the improper parsing of URLs by Icihttp.exe in CA Gateway Security for HTTP, allowing remote attackers to execute arbitrary code or cause a denial of service through a malformed request, resulting in heap memory corruption and daemon crash.

Recommendations For CA Gateway Security versions prior to 8.1.0.69, update to version 8.1.0.69 or later. For CA Total Defense version r12, consider disabling the Icihttp.exe component until a patch is available. Restrict access to the HTTP packet processing module to minimize the risk of exploitation.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2011-2667

ZDI-11-237

Affected Products

Ca Gateway Security

Ca Total Defense

Icihttp.Exe

PT-2011-4014 · Ca · Ca Total Defense+2

CVE-2011-2667

Weakness Enumeration

Related Identifiers

Affected Products

References · 12