CVE-2011-2667: Buffer Overflow
First published: Thu Jul 28 2011(Updated: )
Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom Total Defense | =r12 | |
| Symantec Gateway Security | =8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securitytracker.com/id?1025812
- http://secunia.com/advisories/45332
- http://www.securityfocus.com/bid/48813
- http://www.zerodayinitiative.com/advisories/ZDI-11-237/
- http://securitytracker.com/id?1025813
- http://securityreason.com/securityalert/8316
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68736
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5E404992-6B58-4C44-A29D-027D05B6285D}
- http://www.securityfocus.com/archive/1/518935/100/0/threaded
- http://www.securityfocus.com/archive/1/518934/100/0/threaded
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B5E404992-6B58-4C44-A29D-027D05B6285D%7D
Frequently Asked Questions
What is the severity of CVE-2011-2667?
CVE-2011-2667 is classified as a critical vulnerability due to its potential for arbitrary code execution and denial of service.
How do I fix CVE-2011-2667?
To fix CVE-2011-2667, upgrade CA Gateway Security to version 8.1.0.69 or later, or update Broadcom Total Defense to the latest available version.
What types of attacks can exploit CVE-2011-2667?
CVE-2011-2667 can be exploited through malformed HTTP requests that lead to heap memory corruption.
Which software is affected by CVE-2011-2667?
CVE-2011-2667 affects CA Gateway Security 8.1 before version 8.1.0.69 and CA Total Defense r12.
What are the consequences of exploiting CVE-2011-2667?
Exploiting CVE-2011-2667 could result in remote code execution or a denial of service, causing service disruptions.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/broadcom
- canonical/broadcom total defense
- version/broadcom total defense/r12
- vendor/ca
- canonical/symantec gateway security
- version/symantec gateway security/8.1