CA Security Response Blog

CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability

Ken Williams — Tue, 16 Jun 2009 02:30:00 GMT

On June 15th, 2009, CA published a security notice to address a vulnerability in CA Service Desk. Title: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability CA Advisory Reference: CA20090615-02 CA Advisory Date: 2009-06-15 Impact: A remote attacker can inject arbitrary web script or HTML. Summary: The release of Tomcat as included with CA Service Desk r11.2 is potentially...

CA20090615-01: CA ARCserve Backup Message Engine Denial of Service Vulnerabilities

Ken Williams — Tue, 16 Jun 2009 02:00:00 GMT

On June 15th, 2009, CA published a security notice to address multiple vulnerabilities in CA ARCserve Backup. Title: CA20090615-01: CA ARCserve Backup Message Engine Denial of Service Vulnerabilities CA Advisory Reference: CA20090615-01 CA Advisory Date: 2009-06-15 Reported By: iViZ Security Research Team Impact: A remote attacker can cause a denial of service. Summary: CA ARCserve...

Updated: CA20090126-01: Security Notice for CA Anti-Virus Engine

Ken Williams — Tue, 12 May 2009 13:09:00 GMT

On January 26th, 2009, CA published a security notice to address multiple vulnerabilities in the CA Anti-Virus engine. On May 12th, 2009, CA updated this security notice with CA ARCserve patch solution details. Title: CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities CA Advisory Reference: CA20090126-01 CA Advisory Date: 2009-01-26 CA Advisory...

CA20090429-01: CA ARCserve Backup Apache HTTP Server Multiple Vulnerabilities

Ken Williams — Wed, 29 Apr 2009 19:25:00 GMT

On April 29th, 2009, CA published a security notice to address multiple vulnerabilities in CA ARCserve Backup on Solaris, Tru64, HP-UX, and AIX. Title: CA20090429-01: CA ARCserve Backup Apache HTTP Server Multiple Vulnerabilities CA Advisory Reference: CA20090429-01 CA Advisory Date: 2009-04-29 Reported By: Apache Software Foundation David Endler of iDefense Ulf Harnhammar...

CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities

Ken Williams — Tue, 27 Jan 2009 03:50:00 GMT

On January 26th, 2009, CA published a security notice to address multiple vulnerabilities in the CA Anti-Virus engine. Title: CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities CA Advisory Reference: CA20090126-01 CA Advisory Date: 2009-01-26 Reported By: Thierry Zoller and Sergio Alvarez of n.runs AG Impact: A remote attacker can evade...

CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities

Ken Williams — Fri, 23 Jan 2009 23:04:00 GMT

On January 23rd, 2009, CA published a security notice to address multiple vulnerabilities in CA Cohesion Application Configuration Manager. Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities CA Advisory Reference: CA20090123-01 CA Advisory Date: 2009-01-23 Reported By: n/a Impact: Refer to the CVE identifiers for details. Summary: Multiple security risks exist in Apache...

CA20090107-01: CA Service Metric Analysis and CA Service Level Management smmsnmpd Arbitrary Command Execution Vulnerability

Ken Williams — Wed, 07 Jan 2009 21:23:00 GMT

On January 7th, 2009, CA published a security notice to address a vulnerability in CA Service Metric Analysis and CA Service Level Management. Title: CA20090107-01: CA Service Metric Analysis and CA Service Level Management smmsnmpd Arbitrary Command Execution Vulnerability CA Advisory Reference: CA20090107-01 CA Advisory Date: 2009-01-07 Reported By: Michel Arboi of Tenable Network...

CA ARCserve Backup LDBserver Vulnerability

Ken Williams — Wed, 10 Dec 2008 21:10:00 GMT

On December 10th, 2008, CA published a security notice to address a vulnerability in CA ARCserve Backup LDBserver. Title: CA ARCserve Backup LDBserver Vulnerability CA Advisory Date: 2008-12-10 Reported By: Dyon Balding of Secunia Research Impact: A remote attacker can cause a denial of service or execute arbitrary code. Summary: CA ARCserve Backup contains a vulnerability that can...

CA ARCserve Backup Multiple Vulnerabilities

Ken Williams — Thu, 09 Oct 2008 21:23:00 GMT

On October 9th, 2008, CA published a security notice to address multiple vulnerabilities in CA ARCserve Backup. Title: CA ARCserve Backup Multiple Vulnerabilities CA Advisory Date: 2008-10-09 Reported By: Haifei Li of Fortinet's FortiGuard Global Security Research Team Vulnerability Research Team of Assurent Secure Technologies, a TELUS Company Greg Linares of eEye Digital Security Impact:...

CA Service Desk Multiple Cross-Site Scripting Vulnerabilities

Ken Williams — Fri, 26 Sep 2008 01:51:00 GMT

On September 24th, 2008, CA published a security notice to address multiple vulnerabilities in CA Service Desk. Title: CA Service Desk Multiple Cross-Site Scripting Vulnerabilities CA Advisory Date: 2008-09-24 Reported By: Open Security Foundation Impact: A remote attacker can conduct cross-site scripting attacks. Summary: CA Service Desk contains multiple vulnerabilities that can allow a...

CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities

Ken Williams — Tue, 12 Aug 2008 19:04:00 GMT

On August 11th, 2008, CA published a security notice to address two vulnerabilities in the CA Host-Based Intrusion Prevention System SDK. Title: CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities CA Advisory Date: 2008-08-11 Reported By: CVE-2008-2926 - Tobias Klein CVE-2008-3174 - Elazar Broad Impact: A remote attacker can cause a denial of service or possibly...

CA Products That Embed Ingres Multiple Vulnerabilities

Ken Williams — Wed, 06 Aug 2008 15:55:00 GMT

On August 1st, 2008, CA published a security notice to address multiple vulnerabilities in CA products that embed Ingres. Title: CA Products That Embed Ingres Multiple Vulnerabilities CA Advisory Date: 2008-08-01 Reported By: iDefense Labs Impact: A remote attacker can execute arbitrary code, gain privileges, or cause a denial of service condition. Summary: CA products that embed Ingres...

CA ARCserve Backup for Laptops and Desktops Server LGServer Service Vulnerability

Ken Williams — Fri, 01 Aug 2008 10:24:00 GMT

On July 31st, 2008, CA published a security notice to address a vulnerability in CA ARCserve Backup. Title: CA ARCserve Backup for Laptops and Desktops Server LGServer Service Vulnerability CA Advisory Date: 2008-07-31 Reported By: Vulnerability Research Team of Assurent Secure Technologies, a TELUS Company Impact: A remote attacker can execute arbitrary code or cause a denial of service...

CA ARCserve Backup Discovery Service Denial of Service Vulnerability

Ken Williams — Wed, 18 Jun 2008 14:16:00 GMT

On June 17th, 2008, CA published a security notice to address a vulnerability in CA ARCserve Backup. Title: CA ARCserve Backup Discovery Service Denial of Service Vulnerability CA Advisory Date: 2008-06-17 Reported By: Luigi Auriemma Impact: A remote attacker can cause a denial of service. Summary: CA ARCserve Backup contains a vulnerability in the Discovery service (casdscsvc) that...

CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities

Ken Williams — Wed, 04 Jun 2008 20:28:00 GMT

On June 3rd, 2008, CA published a security notice to address multiple vulnerabilities in CA Secure Content Manager. Title: CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities CA Advisory Date: 2008-06-03 Reported By: Sebastian Apelt working with ZDI/TippingPoint; Cody Pierce, TippingPoint DVLabs Impact: A remote attacker can cause a denial of service or execute arbitrary...