CyberSec.Space Logo
CVEブラウザに戻る

CVE-2011-2667

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0850%
EPSS Percentile5.94th
Published2011年7月28日
Last Modified2026年4月29日

Vulnerability Description

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.

Affected Platforms (CPE)

📦
Broadcom

Total Defense

= r12
📦
Ca

Gateway Security

= 8.1

References & Advisories

🔗 http://secunia.com/advisories/45332
🔗 http://securityreason.com/securityalert/8316
🔗 http://securitytracker.com/id?1025812
🔗 http://securitytracker.com/id?1025813
🔗 http://www.securityfocus.com/archive/1/518934/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/518935/100/0/threaded
🔗 http://www.securityfocus.com/bid/48813
🔗 http://www.zerodayinitiative.com/advisories/ZDI-11-237/

関連する脆弱性情報

CVE-2011-165310.0

Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow r...

CVE-2021-238748.2

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated p...

CVE-2019-133577.8

In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local a...

CVE-2019-133567.8

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUp...