Vulnerability Detail

CA Secure Content Manager multiple HTTP Gateway Service vulnerabilities

Date Discovered:
3 Jun 2008

Date Published:
4 Jun 2008

Last Updated:
4 Jun 2008

Threat Assessment

Overall Risk: Medium

Popularity : Medium

Impact: High

Simplicity: Low

Characteristics

Vulnerability ID: 36408
Discovered By: Sebastian Apelt & Cody Pierce

Exploitable Locally: No
Exploitable Remotely: Yes

Impact: A remote attacker can cause a denial of service condition or execute arbitrary code.

Root Cause: Software Vulnerability

Description

Recommendations

Affected Technologies

References

Description

CA Secure Content Manager contains vulnerabilities that can allow a remote attacker to cause a denial of service condition or execute arbitrary code. These vulnerabilities are due to insufficient bounds checking on certain FTP requests. An attacker can make a specially crafted request to cause a denial of service condition or execute arbitrary code.

Recommendations

-------------------------------------------------------------------------------
For: CA eTrust Secure Content Manager 8.0

Please download and apply the following patches from ca site:-

QO99987

https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=QO99987

Affected Technologies

Computer Associates: CA eTrust Secure Content Manager 8.0

References

CA:contentID:177784
Mitre CVE: CVE-2008-2541

CA Global Security Advisor

Current threat condition: Low

Documents and Tools

Find Threats

Viruses Spyware
Vulnerabilities All

Page Tools