CVE-2011-1654 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.03282.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Total Defense

Configuration 1 [-]

cpe:2.3:a:broadcom:total_defense:r12:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2011-1654	Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/44097
http://securitytracker.com/id?1025353
http://www.securityfocus.com/archive/1/517488/100/0/threaded
http://www.securityfocus.com/archive/1/517494/100/0/threaded
http://www.securityfocus.com/bid/47357
http://www.vupen.com/english/advisories/2011/0977
http://www.zerodayinitiative.com/advisories/ZDI-11-126/
https://exchange.xforce.ibmcloud.com/vulnerabilities/66726
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-04-15T19:00:00

Updated: 2024-08-06T22:37:25.501Z

Reserved: 2011-04-06T00:00:00

Link: CVE-2011-1654

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-04-18T15:00:43.390

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-1654

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "44097", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44097"}, {"name": "totaldefense-fileuploadhandler-file-upload(66726)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66726"}, {"name": "ADV-2011-0977", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0977"}, {"name": "1025353", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025353"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D"}, {"name": "47357", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47357"}, {"name": "20110413 ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/517488/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-126/"}, {"name": "20110413 CA20110413-01: Security Notice for CA Total Defense", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1654", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "44097", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44097"}, {"name": "totaldefense-fileuploadhandler-file-upload(66726)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66726"}, {"name": "ADV-2011-0977", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0977"}, {"name": "1025353", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025353"}, {"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}", "refsource": "CONFIRM", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}"}, {"name": "47357", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47357"}, {"name": "20110413 ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517488/100/0/threaded"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-126/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-126/"}, {"name": "20110413 CA20110413-01: Security Notice for CA Total Defense", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:37:25.501Z"}, "title": "CVE Program Container", "references": [{"name": "44097", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44097"}, {"name": "totaldefense-fileuploadhandler-file-upload(66726)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66726"}, {"name": "ADV-2011-0977", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0977"}, {"name": "1025353", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1025353"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D"}, {"name": "47357", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47357"}, {"name": "20110413 ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/517488/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-126/"}, {"name": "20110413 CA20110413-01: Security Notice for CA Total Defense", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1654", "datePublished": "2011-04-15T19:00:00", "dateReserved": "2011-04-06T00:00:00", "dateUpdated": "2024-08-06T22:37:25.501Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:total_defense:r12:*:*:*:*:*:*:*", "matchCriteriaId": "EAD87D20-B6C6-4D48-BEF7-5960AB2060D0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en Heartbeat Web Service de CA.Itm.Server.ManagementWS.dll en Management Server de CA Total Defense (TD) r12 antes de SE2, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de secuencias de salto de directorio en el par\u00e1metro GUID en una solicitud de carga a FileUploadHandler.ashx."}], "id": "CVE-2011-1654", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-04-18T15:00:43.390", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44097"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1025353"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/517488/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47357"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0977"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-126/"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66726"}, {"source": "cve@mitre.org", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44097"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025353"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517488/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47357"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0977"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-126/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66726"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}