Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в продуктах Computer Associates
Опубликовано:8 августа 2009 г.
Источник:
SecurityVulns ID:10122
Тип:удаленная
Уровень опасности:
7/10
Описание:Многочисленные уязвимости, включая удаленное переполнение буфера.
Затронутые продукты:CA : Unicenter Asset Portfolio Management 11.3
 CA : Unicenter Desktop and Server Management 11.2
 CA : Unicenter Patch Management 11.2
CVE:CVE-2009-2026 (Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.)
 CVE-2008-1232 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.)
Оригинальный текстdocumentCA, CA20090806-01: Security Notice for Data Transport Services (08.08.2009)
 documentEMC, ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-052 August 7, 2009 -- Affected Vendors: Computer Associates -- Affected Products: Computer Associates Unicenter S (08.08.2009)
 documentZDI, ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability (08.08.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород