Published: December 09 2009, 10:00 AM | by Kevin Kotas
On Tuesday, December 9th, 2009, I published a new security notice, CA20091208-01, that describes a low risk cross-site scripting issue with CA Service Desk. At the time of this post, we are not aware of any active exploitation in the wild. See the link below for patch and other information.
CA20091208-01: Security Notice for CA Service Desk
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=223999
Kevin Kotas
CA Product Vulnerability Response Team
The opinions and statements on this site are my own and do not necessarily reflect the opinions or policies of CA.
By: Kevin Kotas
Kevin Kotas is a Senior Research Engineer with the CA Product Vulnerability Response Team. He has over ten years of vulnerability management experience and discovered several vulnerabilities in products from multiple major software providers. Kevin holds a B.S. degree in Computer Science from North Carolina...
Published: October 09 2009, 08:54 AM | by Ken Williams
On Thursday, October 8, the CA Product Vulnerability Response Team published a security notice to address two vulnerability issues in the anti-virus engine. Both of the vulnerabilities are considered to be medium risk issues. We're not aware of any active exploitation of these vulnerabilities. Note that if your product is configured for automatic updates, you should already be protected, and you need to take no action. The security notice can be found at the link below.
CA20091008-01: Security Notice for CA Anti-Virus Engine
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878
Regards,
Ken Williams
Director, CA Product Vulnerability Response Team
By: Ken Williams
Ken Williams is a Director with the CA Vulnerability Research Team. As a veteran vulnerability researcher, Ken has worked as the Director of the CA Vulnerability Research Team and eVM Research Team, Director of Vulnerability Research at eSecurityOnline, Manager of the Vulnerability Research Team at Ernst...
Published: June 15 2009, 10:30 PM | by Ken Williams
On June 15th, 2009, CA published a security notice to address a vulnerability in CA Service Desk.
Title: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability
CA Advisory Reference: CA20090615-02
CA Advisory Date: 2009-06-15
Impact: A remote attacker can inject arbitrary web script or HTML.
Summary: The release of Tomcat as included with CA Service Desk r11.2 is potentially susceptible to a cross-site scripting vulnerability. CA has issued a technical document that describes remediation procedures.
Mitigating Factors: None
Severity: CA has given this vulnerability a Medium risk rating.
Affected Products:
CA Service Desk r11.2
Affected Platforms:
Windows, Unix
Status and Recommendation:
Follow the instructions in technical document TEC489643.
How to determine if the installation is affected:
Customers can use the instructions in technical document TEC489643 to determine if an installation may be affected.
Workaround:
None
References (URLs may wrap):
CA Support:
https://support.ca.com/
CA20090615-02: Security Notice for CA Service Desk
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500
Solution Document Reference APARs:
TEC489643
CA Security Response Blog posting:
CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15.aspx
CVE References:
CVE-2008-1232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
OSVDB References: Pending
http://osvdb.org/
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at https://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782