Path Traversal in Broadcom Total_defense

CVE-2011-1654

Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal seq…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.033 (87.4th percentile) — read the EPSS interpretation.

Affected products

Broadcom Total_defense — versions r12
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

44097 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
totaldefense-fileuploadhandler-file-upload(66726) (vdb-entry, x_refsource_XF)
ADV-2011-0977 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
1025353 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM)
47357 (vdb-entry, x_refsource_BID)
20110413 ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_MISC)
20110413 CA20110413-01: Security Notice for CA Total Defense (mailing-list, x_refsource_BUGTRAQ)