CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
98.7%
Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.
Vendor | Product | Version | CPE |
---|---|---|---|
ca | xosoft_content_distribution | r12.0 | cpe:2.3:a:ca:xosoft_content_distribution:r12.0:*:*:*:*:*:*:* |
ca | xosoft_content_distribution | r12.5 | cpe:2.3:a:ca:xosoft_content_distribution:r12.5:*:*:*:*:*:*:* |
ca | xosoft_high_availability | r12.0 | cpe:2.3:a:ca:xosoft_high_availability:r12.0:*:*:*:*:*:*:* |
ca | xosoft_high_availability | r12.5 | cpe:2.3:a:ca:xosoft_high_availability:r12.5:*:*:*:*:*:*:* |
ca | xosoft_replication | r12.0 | cpe:2.3:a:ca:xosoft_replication:r12.0:*:*:*:*:*:*:* |
ca | xosoft_replication | r12.5 | cpe:2.3:a:ca:xosoft_replication:r12.5:*:*:*:*:*:*:* |
www.securityfocus.com/archive/1/510564/100/0/threaded
www.securityfocus.com/archive/1/510565/100/0/threaded
www.securityfocus.com/archive/1/510567/100/0/threaded
www.securityfocus.com/bid/39238
www.zerodayinitiative.com/advisories/ZDI-10-065/
www.zerodayinitiative.com/advisories/ZDI-10-066/
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869