Vulnerability Description
Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Total Defense | r12 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/44097Vendor Advisory
- http://securitytracker.com/id?1025353
- http://www.securityfocus.com/archive/1/517488/100/0/threaded
- http://www.securityfocus.com/archive/1/517494/100/0/threaded
- http://www.securityfocus.com/bid/47357
- http://www.vupen.com/english/advisories/2011/0977Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-11-126/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66726
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-
- http://secunia.com/advisories/44097Vendor Advisory
- http://securitytracker.com/id?1025353
- http://www.securityfocus.com/archive/1/517488/100/0/threaded
- http://www.securityfocus.com/archive/1/517494/100/0/threaded
- http://www.securityfocus.com/bid/47357
- http://www.vupen.com/english/advisories/2011/0977Vendor Advisory
FAQ
What is CVE-2011-1654?
CVE-2011-1654 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arb...
How severe is CVE-2011-1654?
CVE-2011-1654 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1654?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Total Defense.