6 matches found
CVE-2009-3588
CVE-2009-3588 (and CVE-2009-3587) describe a DoS vulnerability in CA’s arclib component used by CA Anti-Virus for Enterprise and related CA products. A crafted RAR archive can trigger stack corruption (CVE-2009-3588) and heap corruption (CVE-2009-3587); CVE-2009-3587 also notes possible arbitrary-code execution. Affecte...
CVE-2009-3587
CA ARclib DoS vulnerabilities (CVE-2009-3587/3588) affect CA Anti-Virus for the Enterprise and related CA products; exploitation via crafted RAR archives can trigger heap or stack corruption and may lead to denial of service and possibly arbitrary code execution. Affected products listed include ...
CVE-2005-3653
CVE-2005-3653 describes a heap-based buffer overflow in the CA iTechnology iGateway service, caused by insufficient boundary checks of the HTTP Content-Length header. An unauthenticated remote attacker can send a crafted HTTP request with a negative Content-Length to trigger a heap overflow, pote...
CVE-2007-2522
Summary (CVE-2007-2522): A stack-based buffer overflow in the CA Console Server component (InoWeb.exe) of multiple CA products (CA Anti-Virus for the Enterprise, CA Threat Manager, CA Anti-Spyware for the Enterprise, CA Protection Suites) allows remote attackers to execute arbitrary code by sendi...
CVE-2007-5439
CVE-2007-5439 affects CA eTrust ITM (Threat Manager) 8.1. The issue is that sensitive user information is stored in log files with predictable names, allowing a remote attacker to obtain the data via unspecified vectors. This is stated across the CVE records, including NVD, and connected document...
CVE-2007-5437
CVE-2007-5437 affects CA eTrust ITM (Threat Manager) 8.1, where the web console allows remote attackers to redirect users to arbitrary web sites by supplying a crafted HTTP URL targeting port 6689. This describes a client redirection vulnerability in the web interface, with no explicit ...