1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: CA Total Defense UNCWS CVE-2011-1653

Web Attack: CA Total Defense UNCWS CVE-2011-1653

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to a remote code execution vulnerability in CA Total Defense Web Service application.

Additional Information

Computer Associates Total Defense is a suite of security software including antivirus, anti-spyware, gateway security, and host-based intrusion prevention.

The application is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input to the following stored procedures:

'UnassignFunctionalUsers'
'UnassignAdminRoles'
'DeleteFilter'
'NonAssignedUserList'
'DeleteReportLayout'
'DeleteReports'
'RegenerateReport'

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. This may also allow an attacker to execute arbitrary commands through an 'exec()' function call with SYSTEM-level privileges, completely compromising an affected computer.

Total Defense versions prior to 12 SE2 are affected.

Affected

  • Total Defense versions prior to 12 SE2 are affected.

Response

Vendor has released an update to resolve this issue. Please visit the vendor's website for further details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube