Secunia Security Advisory - CA has acknowledged some vulnerabilities in various CA products, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, cause a DoS (Denial of Service).
41dca450e68b6ae7962eced75e2fbfc42ec925313a1eea55f0761b99024def41
----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
CA Products Apache Tomcat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33668
VERIFY ADVISORY:
http://secunia.com/advisories/33668/
CRITICAL:
Less critical
IMPACT:
Security Bypass, Cross Site Scripting, Exposure of sensitive
information, DoS
WHERE:
>From remote
SOFTWARE:
CA Unicenter Service Desk 11.x
http://secunia.com/advisories/product/7123/
CA CMDB 11.x
http://secunia.com/advisories/product/19967/
CA Cohesion Application Configuration Manager 4.x
http://secunia.com/advisories/product/21107/
DESCRIPTION:
CA has acknowledged some vulnerabilities in various CA products,
which can be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct cross-site
scripting attacks, cause a DoS (Denial of Service).
The vulnerabilities are caused due to the usage of vulnerable Apache
Tomcat versions.
For more information:
SA17416
SA24732
SA25678
SA25721
SA26465
SA26466
SA28552
The vulnerabilities are reported in the following products and
versions:
* CA Cohesion Application Configuration Manager 4.5
* CA CMDB Application Server 11.1
* Unicenter Service Desk 11.2
SOLUTION:
Apply patch RO04648.
https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO04648
ORIGINAL ADVISORY:
CA:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
OTHER REFERENCES:
SA17416:
http://secunia.com/advisories/17416/
SA24732:
http://secunia.com/advisories/24732/
SA25678:
http://secunia.com/advisories/25678/
SA25721:
http://secunia.com/advisories/25721/
SA26465:
http://secunia.com/advisories/26465/
SA26466:
http://secunia.com/advisories/26466/
SA28552:
http://secunia.com/advisories/28552/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------