Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14540
HistoryOct 04, 2006 - 12:00 a.m.

[CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability

2006-10-0400:00:00
vulners.com
22
JSON

Title: CAID 34661: CA Unicenter WSDM File System Read Access
Vulnerability

CA Vulnerability ID (CAID): 34661

CA Advisory Date: 2006-10-03

Discovered By:
Oliver Karow, Symantec Security Consultant
oliver_karow at symantec dot com
Richard Sammet, Symantec Security Consultant
richard_sammet at symantec dot com

Impact: Remote attacker can access sensitive information.

Summary: Unicenter Web Services Distributed Management 3.1 uses a
known vulnerable version of Jetty WebServer, an open source java
web server. An advisory describing the Jetty WebServer
vulnerability can be found at
http://www.securityfocus.com/bid/11330. The vulnerability allows
a remote attacker to gain full read access on the install
partitions file system of the Unicenter WSDM host system through a
directory traversal attack
[e.g. http://192.168.50.31:8282/..\..\..\..\boot.ini].

Mitigating Factors: This is an older vulnerability that was
addressed in December 2004 with the release of Unicenter Web
Services Distributed Management (WSDM) 3.11.

Severity: CA has given this vulnerability a Medium risk rating.

Affected Products:
CA Unicenter Web Services Distributed Management (WSDM) 3.1

Affected platforms:
Red Hat Linux
Solaris
SUSE Linux
Microsoft Windows

Status and Recommendation:
This vulnerability was addressed in December 2004 with the release
of Unicenter Web Services Distributed Management (WSDM) 3.11.
Customers using Unicenter WSDM 3.1 should upgrade to WSDM 3.11 or
later through the CA SupportConnect web site at
http://supportconnect.ca.com.

Determining if you are affected:
The WSDM version in use can be determined by viewing the
downloaded package name. Search for files named CAWSDM_3_1.xxx.

References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA SupportConnect Security Notice for this vulnerability:
Important Security Notice for CA Unicenter WSDM (File System Read
Access Vulnerability)
http://supportconnectw.ca.com/public/ca_common_docs/wsdmvuln_notice.asp
CAID: 34661
CAID Advisory link:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34661
Discoverer: Symantec
http://www.symantec.com
CVE Reference: CVE-2004-2478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2478
OSVDB Reference: OSVDB ID: 10490
http://osvdb.org/10490

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,
please send email to [email protected], or contact me directly.

If you discover a vulnerability in CA products, please report
your findings to [email protected], or utilize our "Submit a
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.asp;

Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One Computer Associates Plaza. Islandia, NY 11749

Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright © 2006 CA. All rights reserved.

Related

cve 1
cve
cve
CVE-2004-2478
2004-12-31 05:00:00
JSON
Related for SECURITYVULNS:DOC:14540
cve1