CyberSec.Space Logo
Back to CVE Browser

CVE-2011-2667

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0850%
EPSS Percentile5.94th
PublishedJul 28, 2011
Last ModifiedApr 29, 2026

Vulnerability Description

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.

Affected Platforms (CPE)

πŸ“¦
Broadcom

Total Defense

= r12
πŸ“¦
Ca

Gateway Security

= 8.1

References & Advisories

πŸ”— http://secunia.com/advisories/45332
πŸ”— http://securityreason.com/securityalert/8316
πŸ”— http://securitytracker.com/id?1025812
πŸ”— http://securitytracker.com/id?1025813
πŸ”— http://www.securityfocus.com/archive/1/518934/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/518935/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/48813
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-11-237/

Related Vulnerabilities

CVE-2011-165310.0

Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow r...

CVE-2021-238748.2

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated p...

CVE-2019-133577.8

In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local a...

CVE-2019-133567.8

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUp...