Back to search
CVE-2011-1655
Published: Apr 15, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20110413 ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability
mailing-list
x_refsource_BUGTRAQ
44097
third-party-advisory
x_refsource_SECUNIA
ADV-2011-0977
vdb-entry
x_refsource_VUPEN
1025353
vdb-entry
x_refsource_SECTRACK
http://www.zerodayinitiative.com/advisories/ZDI-11-127/
x_refsource_MISC
47356
vdb-entry
x_refsource_BID
totaldefense-uncsw-code-execution(66727)
vdb-entry
x_refsource_XF
20110413 CA20110413-01: Security Notice for CA Total Defense
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now