漏洞信息详情
CA Total Defense Unified Network Control Server多个SQL注入漏洞
- CNNVD编号:CNNVD-201104-165
- 危害等级: 高危
- CVE编号: CVE-2011-1653
- 漏洞类型: SQL注入
- 发布时间: 2011-04-19
- 威胁类型: 远程
- 更新时间: 2021-04-13
- 厂 商: ca
- 漏洞来源:
漏洞简介
Computer Associates Total Defense是集成了反病毒、反间谍、网关安全、主机入侵防护系统等网络安全服务为一体的多层防护系统。
CA Total Defense(TD)SE2之前的r12版本中的Unified Network Control(UNC)Server中存在多个SQL注入漏洞。远程攻击者可以借助有关向量执行任意SQL命令。该向量与(1)UnAssignFunctionalRoles,(2)UnassignAdminRoles,(3)DeleteFilter,(4)NonAssignedUserList,(5)DeleteReportLayout,(6)DeleteReports和(7)RegenerateReport的存储过程有关。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={6C750E92-D109-4F7D-BA41-8D468B2E31B1}
参考网址
来源:BID
链接:https://www.securityfocus.com/bid/47355
来源:MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-11-130/
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/517497/100/0/threaded
来源:MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-11-131/
来源:MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-11-132/
来源:SREASON
链接:http://securityreason.com/securityalert/8403
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/517489/100/0/threaded
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/517491/100/0/threaded
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/517493/100/0/threaded
来源:CONFIRM
链接:https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/517498/100/0/threaded
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2011/0977
来源:SECTRACK
链接:http://securitytracker.com/id?1025353
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/66725
来源:MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-11-128/
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/517496/100/0/threaded
来源:MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-11-129/
来源:SECUNIA
链接:http://secunia.com/advisories/44097
来源:MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-11-133/
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/517494/100/0/threaded
来源:MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-11-134/
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/517490/100/0/threaded
受影响实体
- Ca Total_defense:R12
补丁
- CA Total Defense Unified Network Control Server多个SQL注入漏洞的修复措施
评论