CVE-2011-1655 - Vulnerability Details - OpenCVE

The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Total Defense

Configuration 1 [-]

cpe:2.3:a:broadcom:total_defense:r12:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/44097
http://securitytracker.com/id?1025353
http://www.securityfocus.com/archive/1/517492/100/0/threaded
http://www.securityfocus.com/archive/1/517494/100/0/threaded
http://www.securityfocus.com/bid/47356
http://www.vupen.com/english/advisories/2011/0977
http://www.zerodayinitiative.com/advisories/ZDI-11-127/
https://exchange.xforce.ibmcloud.com/vulnerabilities/66727
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-04-15T19:00:00

Updated: 2024-08-06T22:37:24.545Z

Reserved: 2011-04-06T00:00:00

Link: CVE-2011-1655

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-04-18T15:00:43.437

Modified: 2024-11-21T01:26:43.807

Link: CVE-2011-1655

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20110413 ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/517492/100/0/threaded"}, {"name": "44097", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44097"}, {"name": "ADV-2011-0977", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0977"}, {"name": "1025353", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025353"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/"}, {"name": "47356", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47356"}, {"name": "totaldefense-uncsw-code-execution(66727)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66727"}, {"name": "20110413 CA20110413-01: Security Notice for CA Total Defense", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1655", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20110413 ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517492/100/0/threaded"}, {"name": "44097", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44097"}, {"name": "ADV-2011-0977", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0977"}, {"name": "1025353", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025353"}, {"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}", "refsource": "CONFIRM", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/"}, {"name": "47356", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47356"}, {"name": "totaldefense-uncsw-code-execution(66727)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66727"}, {"name": "20110413 CA20110413-01: Security Notice for CA Total Defense", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:37:24.545Z"}, "title": "CVE Program Container", "references": [{"name": "20110413 ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/517492/100/0/threaded"}, {"name": "44097", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44097"}, {"name": "ADV-2011-0977", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0977"}, {"name": "1025353", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1025353"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/"}, {"name": "47356", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47356"}, {"name": "totaldefense-uncsw-code-execution(66727)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66727"}, {"name": "20110413 CA20110413-01: Security Notice for CA Total Defense", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1655", "datePublished": "2011-04-15T19:00:00", "dateReserved": "2011-04-06T00:00:00", "dateUpdated": "2024-08-06T22:37:24.545Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:total_defense:r12:*:*:*:*:*:*:*", "matchCriteriaId": "EAD87D20-B6C6-4D48-BEF7-5960AB2060D0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service."}, {"lang": "es", "value": "M\u00f3dulo management.asmx en Management Web Service de Unified Network Control Server en CA Total Defense(TD)r12 antes de SE2 env\u00eda una respuesta en texto plano a las solicitudes getDBConfigSettings sin especificar, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener credenciales de base de datos, y, posteriormente, ejecutar c\u00f3digo arbitrario, mediante escuchas en la red, relacionados con el Servicio UNCWS Web."}], "id": "CVE-2011-1655", "lastModified": "2024-11-21T01:26:43.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-04-18T15:00:43.437", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44097"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1025353"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/517492/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47356"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0977"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66727"}, {"source": "cve@mitre.org", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44097"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025353"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517492/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47356"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0977"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66727"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}