ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability

Posted by ZDI Disclosures on Apr 13

ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-127

April 13, 2011

— CVE ID:
CVE-2011-1655

— CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

— Affected Vendors:
CA

— Affected Products:
CA Total Defense Suite

— TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by…

Source: ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability