exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CA20090123-01.txt

CA20090123-01.txt
Posted Jan 27, 2009
Authored by Ken Williams | Site www3.ca.com

Multiple security risks exist in Apache Tomcat as included with CA Cohesion and products that contain CA Cohesion. These include, but are not limited to, arbitrary command execution. Affected products include CA Cohesion Application Configuration Manager 4.5, CA CMDB Application Server 11.1, and Unicenter Service Desk 11.2.

tags | advisory, arbitrary
advisories | CVE-2005-2090, CVE-2005-3510, CVE-2006-3835, CVE-2006-7195, CVE-2006-7196, CVE-2007-0450, CVE-2007-1355, CVE-2007-1358, CVE-2007-1858, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, CVE-2008-0128
SHA-256 | c8609f8dceb80de59813e4e08c5e56ee0e21604a9ddf888c621eda88cd823b65

CA20090123-01.txt

Change Mirror Download
Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities


CA Advisory Reference: CA20090123-01


CA Advisory Date: 2009-01-23


Reported By: n/a


Impact: Refer to the CVE identifiers for details.


Summary: Multiple security risks exist in Apache Tomcat as
included with CA Cohesion Application Configuration Manager. CA
has issued an update to address the vulnerabilities. Refer to the
References section for the full list of resolved issues by CVE
identifier.


Mitigating Factors: None


Severity: CA has given these vulnerabilities a Medium risk rating.


Affected Products:
CA Cohesion Application Configuration Manager 4.5


Non-Affected Products
CA Cohesion Application Configuration Manager 4.5 SP1


Affected Platforms:
Windows


Status and Recommendation:
CA has issued the following update to address the vulnerabilities.

CA Cohesion Application Configuration Manager 4.5:

RO04648
https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search
&searchID=RO04648


How to determine if you are affected:

1. Using Windows Explorer, locate the file "RELEASE-NOTES".
2. By default, the file is located in the
"C:\Program Files\CA\Cohesion\Server\server\" directory.
3. Open the file with a text editor.
4. If the version is less than 5.5.25, the installation is
vulnerable.


Workaround: None


References (URLs may wrap):
CA Support:
http://support.ca.com/
CA20090123-01: Security Notice for Cohesion Tomcat
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975
40
Solution Document Reference APARs:
RO04648
CA Security Response Blog posting:
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
Reported By:
n/a
CVE References:
CVE-2005-2090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
CVE-2005-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510
CVE-2006-3835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835
CVE-2006-7195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195
CVE-2006-7196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196
CVE-2007-0450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
CVE-2007-1355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355
CVE-2007-1358
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358
CVE-2007-1858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858
CVE-2007-2449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449
CVE-2007-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450
CVE-2007-3382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382
CVE-2007-3385 *
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385
CVE-2007-3386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386
CVE-2008-0128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128
*Note: the issue was not completely fixed by Tomcat maintainers.
OSVDB References: Pending
http://osvdb.org/


Changelog for this advisory:
v1.0 - Initial Release
v1.1 - Updated Impact, Summary, Affected Products


Customers who require additional information should contact CA
Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your
findings to the CA Product Vulnerability Response Team.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777
82


Regards,
Ken Williams, Director ; 0xE2941985
CA Product Vulnerability Response Team


CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2009 CA. All rights reserved.
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close