Vulnerability in Broadcom Total_defense

CVE-2011-1655

The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.099 (93.1th percentile) — read the EPSS interpretation.

Affected products

Broadcom Total_defense — versions r12
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

20110413 ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability (mailing-list, x_refsource_BUGTRAQ)
44097 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
ADV-2011-0977 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
1025353 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_MISC)
47356 (vdb-entry, x_refsource_BID)
totaldefense-uncsw-code-execution(66727) (vdb-entry, x_refsource_XF)
20110413 CA20110413-01: Security Notice for CA Total Defense (mailing-list, x_refsource_BUGTRAQ)