Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CA eTrust SCM Multiple HTTP Gateway Service Vulnerabilities
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is installed with CA eTrust Secure Content Manager which is prone to arbitrary code execution and DoS Vulnerabilities.
Insight
Insight
The flaws are due to - boundary error in the HTTP Gateway service (icihttp.exe running on port 8080), when converting content of an FTP request listing from raw text to HTML. - insufficient bounds checking on certain FTP requests by sending a specially crafted FTP requests containing an overly long LIST/PASV commands that can cause stack-based buffer overflow.
Affected Software
Affected Software
CA eTrust Secure Content Manager version 8.0 - Windows (Any).
Solution
Solution
Apply patch QO99987.