CA Total Defense Stored Procedure SQL注入

admin

0
文章

0
评论

2023-12-09 00:14:08 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

CA Total Defense Stored Procedure SQL注入

CVE编号

CVE-2011-1653

利用情况

暂无

补丁情况

N/A

披露时间

2011-04-19

漏洞描述

Computer Associates Total Defense用于保护网络，终端，集团组织，免受入侵，恶意程序和病毒等影响。Computer Associates Total Defense存在SQL注入攻击，可通过management.asmx控制台访问的RegenerateReport存储过程存在缺陷，管理WEB服务在TCP 34444和34443监听HTTP或HTTPS的SOAP 1.2请求。RegenerateReport存储过程实现的缺陷允许远程未验证用户在SOAP请求中注入SQL命令，通过调用exec函数可以SYSTEM用户上下文执行任意代码。

解决建议

用户可参考如下供应商提供的安全公告获得补丁信息：https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}

参考链接
http://secunia.com/advisories/44097
http://securityreason.com/securityalert/8403
http://securitytracker.com/id?1025353
http://www.securityfocus.com/archive/1/517489/100/0/threaded
http://www.securityfocus.com/archive/1/517490/100/0/threaded
http://www.securityfocus.com/archive/1/517491/100/0/threaded
http://www.securityfocus.com/archive/1/517493/100/0/threaded
http://www.securityfocus.com/archive/1/517494/100/0/threaded
http://www.securityfocus.com/archive/1/517496/100/0/threaded
http://www.securityfocus.com/archive/1/517497/100/0/threaded
http://www.securityfocus.com/archive/1/517498/100/0/threaded
http://www.securityfocus.com/bid/47355
http://www.vupen.com/english/advisories/2011/0977
http://www.zerodayinitiative.com/advisories/ZDI-11-128/
http://www.zerodayinitiative.com/advisories/ZDI-11-129/
http://www.zerodayinitiative.com/advisories/ZDI-11-130/
http://www.zerodayinitiative.com/advisories/ZDI-11-131/
http://www.zerodayinitiative.com/advisories/ZDI-11-132/
http://www.zerodayinitiative.com/advisories/ZDI-11-133/
http://www.zerodayinitiative.com/advisories/ZDI-11-134/
https://exchange.xforce.ibmcloud.com/vulnerabilities/66725
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065C...