View my documents ()
 Home > Insights > Blogs 

CA Community

CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability

Published: June 15 2009, 10:30 PM
by Ken Williams

On June 15th, 2009, CA published a security notice to address a vulnerability in CA Service Desk.

Title: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability

CA Advisory Reference: CA20090615-02

CA Advisory Date: 2009-06-15

Impact: A remote attacker can inject arbitrary web script or HTML.

Summary: The release of Tomcat as included with CA Service Desk r11.2 is potentially susceptible to a cross-site scripting vulnerability.  CA has issued a technical document that describes remediation procedures.

Mitigating Factors: None

Severity: CA has given this vulnerability a Medium risk rating.

Affected Products:
CA Service Desk r11.2

Affected Platforms:
Windows, Unix

Status and Recommendation:
Follow the instructions in technical document TEC489643.

How to determine if the installation is affected:
Customers can use the instructions in technical document TEC489643 to determine if an installation may be affected.

Workaround:
None

References (URLs may wrap):
CA Support:
https://support.ca.com/
CA20090615-02: Security Notice for CA Service Desk
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500
Solution Document Reference APARs:
TEC489643
CA Security Response Blog posting:
CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15.aspx
CVE References:
CVE-2008-1232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
OSVDB References: Pending
http://osvdb.org/

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at https://support.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782

The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA.

Share this post:  EmailEmail
ShareShare

Tags: , , , ,

Leave a comment

By: Ken Williams
Ken Williams is a Director with the CA Vulnerability Research Team. As a veteran vulnerability researcher, Ken has worked as the Director of the CA Vulnerability Research Team and eVM Research Team, Director of Vulnerability Research at eSecurityOnline, Manager of the Vulnerability Research Team at Ernst...
Read More..

Comments:

No Comments

Leave a Comment

* An asterisk indicates a required field

* :  

:

* :  
 
 
Page Tools
ShareShare