SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2011-1655

The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1025353

http://www.securityfocus.com/archive/1/517494/100/0/threaded

http://www.securityfocus.com/archive/1/517492/100/0/threaded

SECUNIA-44097

BID-47356

ADV-2011-0977

http://www.zerodayinitiative.com/advisories/ZDI-11-127/

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D

totaldefense-uncsw-code-execution(66727)


30479



423868



248038



909



194772



282