Published: January 23 2009, 06:04 PM, by Ken Williams
On January 23rd, 2009, CA published a security notice to address multiple vulnerabilities in CA Cohesion Application Configuration Manager.
Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CA Advisory Reference: CA20090123-01
CA Advisory Date: 2009-01-23
Reported By: n/a
Impact: Refer to the CVE identifiers for details.
Summary: Multiple security risks exist in Apache Tomcat as included with CA Cohesion Application Configuration Manager. CA has issued an update to address the vulnerabilities. Refer to the References section for the full list of resolved issues by CVE identifier.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a Medium risk rating.
Affected Products:
CA Cohesion Application Configuration Manager 4.5
Non-Affected Products:
CA Cohesion Application Configuration Manager 4.5 SP1
Affected Platforms:
Windows
Status and Recommendation:
CA has issued the following update to address the vulnerabilities.
CA Cohesion Application Configuration Manager 4.5:
RO04648
How to determine if you are affected:
1. Using Windows Explorer, locate the file "RELEASE-NOTES".
2. By default, the file is located in the "C:\Program Files\CA\Cohesion\Server\server\" directory.
3. Open the file with a text editor.
4. If the version is less than 5.5.25, the installation is vulnerable.
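The same check can be scripted for hosts where opening the file by hand is impractical. The following is an added example, not part of CA's advisory or tooling. It assumes the default path from step 2 and that RELEASE-NOTES carries a header line of the form "Apache Tomcat Version x.y.z"; the function names are hypothetical. Versions are compared numerically, because a plain string comparison would rank 5.5.9 above 5.5.25.

```powershell
# Added example, not CA's own tooling.
# Assumption: RELEASE-NOTES contains a line like "Apache Tomcat Version 5.5.20".
param(
    # Default location given in step 2 of the advisory.
    [string]$Path = 'C:\Program Files\CA\Cohesion\Server\server\RELEASE-NOTES'
)

# Threshold from step 4: anything below this is vulnerable.
$FixedVersion = [version]'5.5.25'

function Get-TomcatVersion {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Capture 2 to 4 numeric components so the [version] cast cannot fail.
        if ($line -match 'Apache Tomcat Version\s+(\d+(?:\.\d+){1,3})') {
            return [version]$Matches[1]
        }
    }
    return $null
}

function Test-CohesionTomcat {
    param([string[]]$Lines)
    $found = Get-TomcatVersion -Lines $Lines
    if ($null -eq $found) {
        # Fail closed: an unreadable version needs a manual look, not a pass.
        return 'UNKNOWN: no Tomcat version line found'
    }
    if ($found -lt $FixedVersion) {
        return "VULNERABLE: Tomcat $found is below $FixedVersion (apply RO04648)"
    }
    return "OK: Tomcat $found"
}

# Constructed sample header lines (not taken from a real installation).
$samples = @(
    '                Apache Tomcat Version 5.5.9',   # numerically below 5.5.25
    '                Apache Tomcat Version 5.5.25',
    'Release notes without a version header'
)
foreach ($s in $samples) { Test-CohesionTomcat -Lines @($s) }

# Check the real file when it is present on this host.
if (Test-Path -LiteralPath $Path) {
    Test-CohesionTomcat -Lines (Get-Content -LiteralPath $Path)
} else {
    "NOT FOUND: $Path"
}
```

Pass `-Path` to point the script at a non-default installation directory.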
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
CA20090123-01: Security Notice for Cohesion Tomcat
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
Solution Document Reference APARs:
RO04648
CA Security Response Blog posting:
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
Reported By:
n/a
CVE References:
CVE-2005-2090
CVE-2005-3510
CVE-2006-3835
CVE-2006-7195
CVE-2006-7196
CVE-2007-0450
CVE-2007-1355
CVE-2007-1358
CVE-2007-1858
CVE-2007-2449
CVE-2007-2450
CVE-2007-3382
CVE-2007-3385 *
CVE-2007-3386
CVE-2008-0128
*Note: the issue was not completely fixed by Tomcat maintainers.
OSVDB References: Pending
http://osvdb.org/
Changelog for this advisory:
v1.0 - Initial Release
v1.1 - Updated Impact, Summary, Affected Products
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
By: Ken Williams
Ken Williams is a Director with the CA Vulnerability Research Team. As a veteran vulnerability researcher, Ken has worked as the Director of the CA Vulnerability Research Team and eVM Research Team, Director of Vulnerability Research at eSecurityOnline, Manager of the Vulnerability Research Team at Ernst...