CVE-2011-1655 - OpenCVE

The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Broadcom	Total Defense

Configuration 1 [-]

cpe:2.3:a:broadcom:total_defense:r12:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/44097	Vendor Advisory
http://securitytracker.com/id?1025353
http://www.securityfocus.com/archive/1/517492/100/0/threaded
http://www.securityfocus.com/archive/1/517494/100/0/threaded
http://www.securityfocus.com/bid/47356
http://www.vupen.com/english/advisories/2011/0977	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-11-127/
https://exchange.xforce.ibmcloud.com/vulnerabilities/66727
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2011-04-15T19:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2011-04-06T00:00:00

Link: CVE-2011-1655

JSON object: View

NVD Information

Status : Modified

Published: 2011-04-18T15:00:43.437

Modified: 2023-11-07T02:07:04.153

Link: CVE-2011-1655

JSON object: View

Redhat Information

No data.

CWE

CWE-310

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20110413 ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/517492/100/0/threaded"}, {"name": "44097", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44097"}, {"name": "ADV-2011-0977", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0977"}, {"name": "1025353", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025353"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/"}, {"name": "47356", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47356"}, {"name": "totaldefense-uncsw-code-execution(66727)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66727"}, {"name": "20110413 CA20110413-01: Security Notice for CA Total Defense", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1655", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20110413 ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517492/100/0/threaded"}, {"name": "44097", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44097"}, {"name": "ADV-2011-0977", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0977"}, {"name": "1025353", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025353"}, {"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}", "refsource": "CONFIRM", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/"}, {"name": "47356", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47356"}, {"name": "totaldefense-uncsw-code-execution(66727)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66727"}, {"name": "20110413 CA20110413-01: Security Notice for CA Total Defense", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1655", "datePublished": "2011-04-15T19:00:00", "dateReserved": "2011-04-06T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:total_defense:r12:*:*:*:*:*:*:*", "matchCriteriaId": "EAD87D20-B6C6-4D48-BEF7-5960AB2060D0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service."}, {"lang": "es", "value": "M\u00f3dulo management.asmx en Management Web Service de Unified Network Control Server en CA Total Defense(TD)r12 antes de SE2 env\u00eda una respuesta en texto plano a las solicitudes getDBConfigSettings sin especificar, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener credenciales de base de datos, y, posteriormente, ejecutar c\u00f3digo arbitrario, mediante escuchas en la red, relacionados con el Servicio UNCWS Web."}], "id": "CVE-2011-1655", "lastModified": "2023-11-07T02:07:04.153", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-04-18T15:00:43.437", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44097"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1025353"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/517492/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47356"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0977"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66727"}, {"source": "cve@mitre.org", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}