Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CA eTrust SCM Multiple HTTP Gateway Service Vulnerabilities

Severity

Critical

Family

Denial of Service

CVSSv2 Base

10.0

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Vendor Patch

Created

15 years ago

Modified

5 years ago

The host is installed with CA eTrust Secure Content Manager which is prone to arbitrary code execution and DoS Vulnerabilities.

Insight

The flaws are due to - boundary error in the HTTP Gateway service (icihttp.exe running on port 8080), when converting content of an FTP request listing from raw text to HTML. - insufficient bounds checking on certain FTP requests by sending a specially crafted FTP requests containing an overly long LIST/PASV commands that can cause stack-based buffer overflow.

Affected Software

CA eTrust Secure Content Manager version 8.0 - Windows (Any).

Solution

Apply patch QO99987.

Common Vulnerabilities and Exposures (CVE)

CVE-2008-2541

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CA eTrust SCM Multiple HTTP Gateway Service Vulnerabilities

Severity

Family

CVSSv2 Base

CVSSv2 Vector

Solution Type

Created

Modified

Share

Insight

Affected Software

Solution

Common Vulnerabilities and Exposures (CVE)

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CA eTrust SCM Multiple HTTP Gateway Service Vulnerabilities

Information

Severity

Severity

Family

Family

CVSSv2 Base

CVSSv2 Base

CVSSv2 Vector

CVSSv2 Vector

Solution Type

Solution Type

Created

Created

Modified

Modified

Share

Summary

Insight

Insight

Affected Software

Affected Software

Solution

Solution

Common Vulnerabilities and Exposures (CVE)

References