----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
CA Products Apache Tomcat Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA33668

VERIFY ADVISORY:
http://secunia.com/advisories/33668/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Cross Site Scripting, Exposure of sensitive
information, DoS

WHERE:
>From remote

SOFTWARE:
CA Unicenter Service Desk 11.x
http://secunia.com/advisories/product/7123/
CA CMDB 11.x
http://secunia.com/advisories/product/19967/
CA Cohesion Application Configuration Manager 4.x
http://secunia.com/advisories/product/21107/

DESCRIPTION:
CA has acknowledged some vulnerabilities in various CA products,
which can be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct cross-site
scripting attacks, cause a DoS (Denial of Service).

The vulnerabilities are caused due to the usage of vulnerable Apache
Tomcat versions.

For more information:
SA17416
SA24732
SA25678
SA25721
SA26465
SA26466
SA28552

The vulnerabilities are reported in the following products and
versions:
* CA Cohesion Application Configuration Manager 4.5
* CA CMDB Application Server 11.1
* Unicenter Service Desk 11.2

SOLUTION:
Apply patch RO04648.
https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO04648

ORIGINAL ADVISORY:
CA:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

OTHER REFERENCES:
SA17416:
http://secunia.com/advisories/17416/

SA24732:
http://secunia.com/advisories/24732/

SA25678:
http://secunia.com/advisories/25678/

SA25721:
http://secunia.com/advisories/25721/

SA26465:
http://secunia.com/advisories/26465/

SA26466:
http://secunia.com/advisories/26466/

SA28552:
http://secunia.com/advisories/28552/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------