CVE-2011-2667 Information
Description
Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.
Reference
http://secunia.com/advisories/45332
http://securityreason.com/securityalert/8316
http://securitytracker.com/id?1025812
http://securitytracker.com/id?1025813
http://www.securityfocus.com/archive/1/518934/100/0/threaded
http://www.securityfocus.com/archive/1/518935/100/0/threaded
http://www.securityfocus.com/bid/48813
http://www.zerodayinitiative.com/advisories/ZDI-11-237/
https://exchange.xforce.ibmcloud.com/vulnerabilities/68736 totaldefense-gateway-url-code-execution(68736)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=5E404992-6B58-4C44-A29D-027D05B6285D