3 matches found
ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability
ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-127 April 13, 2011 -- CVE ID: CVE-2011-1655 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Tota...
CVE-2011-1655
The management.asmx module in the Management Web Service in the Unified Network Control UNC Server in CA Total Defense TD r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and...
Code injection
The management.asmx module in the Management Web Service in the Unified Network Control UNC Server in CA Total Defense TD r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and...