CVE-2011-1655 Information
Description
The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests which makes it easier for remote attackers to obtain database credentials and subsequently execute arbitrary code by sniffing the network related to the UNCWS Web Service.
Reference
http://secunia.com/advisories/44097 http://securitytracker.com/id?1025353 http://www.securityfocus.com/archive/1/517492/100/0/threaded http://www.securityfocus.com/archive/1/517494/100/0/threaded http://www.securityfocus.com/bid/47356 http://www.vupen.com/english/advisories/2011/0977 http://www.zerodayinitiative.com/advisories/ZDI-11-127/ https://exchange.xforce.ibmcloud.com/vulnerabilities/66727 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866
Share on: