Computer Security


Computer Associates applications multiple security vulnerabilities
Published: 08.08.2009
Source:
SecurityVulns ID: 10122
Type: remote
Threat Level: 7/10
Description: Multiple vulnerabilities, including remote buffer overflow.
Affected: CA : Unicenter Asset Portfolio Management 11.3
 CA : Unicenter Desktop and Server Management 11.2
 CA : Unicenter Patch Management 11.2
CVE: CVE-2009-2026 (Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.)
 CVE-2008-1232 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.)
Original document: CA, CA20090806-01: Security Notice for Data Transport Services (08.08.2009)
 EMC, ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-052 August 7, 2009 -- Affected Vendors: Computer Associates -- Affected Products: Computer Associates Unicenter S (08.08.2009)
 ZDI, ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability (08.08.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod