CVE-2011-1654: Path Traversal
First published: Fri Apr 15 2011(Updated: )
Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom Total Defense | =r12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2011/0977
- http://www.zerodayinitiative.com/advisories/ZDI-11-126/
- http://secunia.com/advisories/44097
- http://securitytracker.com/id?1025353
- http://www.securityfocus.com/bid/47357
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66726
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}
- http://www.securityfocus.com/archive/1/517494/100/0/threaded
- http://www.securityfocus.com/archive/1/517488/100/0/threaded
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D
Frequently Asked Questions
What is the severity of CVE-2011-1654?
CVE-2011-1654 is considered a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2011-1654?
To fix CVE-2011-1654, it is recommended to apply the latest patches or updates provided by Broadcom for CA Total Defense r12.
Who is affected by CVE-2011-1654?
CVE-2011-1654 affects users of CA Total Defense r12 before SE2, particularly those using the Heartbeat Web Service.
What type of attack can exploit CVE-2011-1654?
CVE-2011-1654 can be exploited through directory traversal attacks to execute arbitrary code on the affected server.
What software is impacted by CVE-2011-1654?
CVE-2011-1654 impacts the CA.Total_Defense software version r12, specifically the ManagementWS.dll component.
- collector/nvd-historical
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/broadcom
- canonical/broadcom total defense
- version/broadcom total defense/r12