Back to search
CVE-2011-1654
Published: Apr 15, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
44097
third-party-advisory
x_refsource_SECUNIA
totaldefense-fileuploadhandler-file-upload(66726)
vdb-entry
x_refsource_XF
ADV-2011-0977
vdb-entry
x_refsource_VUPEN
1025353
vdb-entry
x_refsource_SECTRACK
47357
vdb-entry
x_refsource_BID
20110413 ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability
mailing-list
x_refsource_BUGTRAQ
http://www.zerodayinitiative.com/advisories/ZDI-11-126/
x_refsource_MISC
20110413 CA20110413-01: Security Notice for CA Total Defense
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now