[email protected]CVE-2011-2667

HistoryJul 28, 2011 - 10:55 p.m.

CVE-2011-2667

2011-07-2822:55:00

CWE-119

[email protected]

web.nvd.nist.gov

ca gateway security

http

icihttp.exe

remote code execution

vulnerability

cve-2011-2667

8.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.166 Low

EPSS

Percentile

96.0%

JSON

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.

CPENameOperatorVersion
ca:gateway_securityca gateway securityeq8.1
broadcom:total_defensebroadcom total defenseeqr12

CPE	Name	Operator	Version
ca:gateway_security	ca gateway security	eq	8.1
broadcom:total_defense	broadcom total defense	eq	r12

References

secunia.com/advisories/45332

securityreason.com/securityalert/8316

securitytracker.com/id?1025812

securitytracker.com/id?1025813

www.securityfocus.com/archive/1/518934/100/0/threaded

www.securityfocus.com/archive/1/518935/100/0/threaded

www.securityfocus.com/bid/48813

www.zerodayinitiative.com/advisories/ZDI-11-237/

exchange.xforce.ibmcloud.com/vulnerabilities/68736

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B5E404992-6B58-4C44-A29D-027D05B6285D%7D

Social References

8.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.166 Low

EPSS

Percentile

96.0%

JSON

Related for CVE-2011-2667

prion1 securityvulns3 zdi1 nessus1