CVE-2011-2667

Published Jul 28, 2011

Last updated a year ago

Overview

Description: Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:broadcom:total_defense:r12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAD87D20-B6C6-4D48-BEF7-5960AB2060D0"
          },
          {
            "criteria": "cpe:2.3:a:ca:gateway_security:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF520BDD-DF53-4EB8-9DFE-CCDE422473D0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References