Vulnerability Details CVE-2011-1654
Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/44097
- http://securitytracker.com/id?1025353
- http://www.securityfocus.com/archive/1/517488/100/0/threaded
- http://www.securityfocus.com/archive/1/517494/100/0/threaded
- http://www.securityfocus.com/bid/47357
- http://www.vupen.com/english/advisories/2011/0977
- http://www.zerodayinitiative.com/advisories/ZDI-11-126/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66726
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D
- http://secunia.com/advisories/44097
- http://securitytracker.com/id?1025353
- http://www.securityfocus.com/archive/1/517488/100/0/threaded
- http://www.securityfocus.com/archive/1/517494/100/0/threaded
- http://www.securityfocus.com/bid/47357
- http://www.vupen.com/english/advisories/2011/0977
- http://www.zerodayinitiative.com/advisories/ZDI-11-126/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66726
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D
Products affected by CVE-2011-1654
-
cpe:2.3:a:broadcom:total_defense:r12