April 2011 - Posts - CA Security Response Blog

This Blog

Home
Contact

Syndication

April 2011 - Posts

CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server

Published: April 26 2011, 05:48 PM | no comments
by Kevin Kotas

I published a new security notice today for WebFort VAS. The notice addresses multiple web-based vulnerabilities with an overall risk rating of Medium. We are not aware of any active exploitation of these issues at this time.

CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={A71F5839-D214-4719-B918-4476E4537998}

Kevin Kotas
CA Technologies Product Vulnerability Response Team

The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA.

Share this post:

By: Kevin Kotas
Kevin Kotas is an Engineering Services Architect with the CA Product Vulnerability Response Team. He has over thirteen years of vulnerability management experience and discovered several vulnerabilities in products from multiple major software providers. Kevin holds a B.S. degree in Computer Science...
Read More..

CA20110420-01: Security Notice for CA SiteMinder

Published: April 21 2011, 01:08 AM | no comments
by Ken Williams

Today, 2011-04-20, we published a security notice to address a vulnerability in CA SiteMinder. The security notice includes information about a medium risk vulnerability that was discovered and reported by April King (april@twoevils.org). The vulnerability could potentially allow a malicious user to send specially crafted data to impersonate another user. Only SiteMinder ISS 6.0 Web Agents are affected. We are not aware of this issue being exploited in the wild. Due to the relative complexity of exploitation, we do not anticipate widespread exploitation activity.

Currently, we have patches available for all supported versions of CA SiteMinder.

The security notice for this vulnerability is published on the CA Technologies Support web site:

CA20110420-01: Security Notice for CA SiteMinder
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={1BF29B14-C5FB-4BD3-9113-68E2426E4381}

Thanks and regards,
Ken Williams, Director
ca technologies Product Vulnerability Response Team
ca technologies Business Unit Operations
wilja22@ca.com

The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies.

Share this post:

Tags: Vulnerability, SiteMinder, CVE-2011-1718, CA20110420-01

By: Ken Williams
Ken Williams is a Director with the CA Vulnerability Research Team. As a veteran vulnerability researcher, Ken has worked as the Director of the CA Vulnerability Research Team and eVM Research Team, Director of Vulnerability Research at eSecurityOnline, Manager of the Vulnerability Research Team at Ernst...
Read More..

CA20110420-02: Security Notice for CA Output Management Web Viewer

Published: April 20 2011, 10:16 PM | no comments
by Ken Williams

Today, 2011-04-20, we published a security notice to address vulnerabilities in CA Output Management Web Viewer. The security notice includes information about two high risk vulnerabilities that were discovered and reported by Dmitriy Pletnev, Secunia Research. Both vulnerabilities could potentially allow a remote attacker to execute arbitrary code. We are not aware of either of these issues being exploited in the wild.

Currently, we have patches available for all supported versions of CA Output Management Web Viewer that are affected by these vulnerabilities.

The security notice for this vulnerability is published on the CA Technologies Support web site:

CA20110420-02: Security Notice for CA Output Management Web Viewer
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={DED5B724-B500-46DA-A855-B2AF457B5364}

Thanks and regards,
Ken Williams, Director
ca technologies Product Vulnerability Response Team
ca technologies Business Unit Operations
wilja22@ca.com

The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA Technologies.

Share this post:

Tags: Vulnerability, Buffer Overflow, CVE-2011-1719, Output Management Web Viewer, RO29119, CA20110420-02, Secunia, RO29120

CA20110413-01: Security Notice for CA Total Defense

Published: April 13 2011, 09:22 PM | no comments
by Kevin Kotas

Today, I published a new security notice to address several vulnerabilties in CA Total Defense reported to CA by TippingPoint. Updates are now available. At this time, we are not aware of any exploitation of these vulnerabilities. See the notice for more details.

CA20110413-01: Security Notice for CA Total Defense
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}

Kevin Kotas
CA Technologies Product Vulnerability Response Team

The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA.

Share this post:

Tags: CA20110413-01

CA Community

April 2011 - Posts

CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server

Leave a comment

CA20110420-01: Security Notice for CA SiteMinder

Leave a comment

CA20110420-02: Security Notice for CA Output Management Web Viewer

Leave a comment

CA20110413-01: Security Notice for CA Total Defense

Leave a comment