Title: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability

CA Advisory Reference: CA20090615-02

CA Advisory Date: 2009-06-15

Impact: A remote attacker can inject arbitrary web script or HTML.

Summary: The release of Tomcat as included with CA Service Desk r11.2 is potentially susceptible to a cross-site scripting vulnerability. CA has issued a technical document that describes remediation procedures.

Mitigating Factors: None

Severity: CA has given this vulnerability a Medium risk rating.

Affected Products:
CA Service Desk r11.2

Affected Platforms:
Windows, Unix

Status and Recommendation:
Follow the instructions in technical document TEC489643.
https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC489643

How to determine if the installation is affected:
Customers can use the instructions in technical document TEC489643 to determine if an installation may be affected.

Workaround: None

References (URLs may wrap):
CA Support:
https://support.ca.com/
CA20090615-02: Security Notice for CA Service Desk
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500
Solution Document Reference APARs:
TEC489643
CA Security Response Blog posting:
CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability
community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15.aspx
CVE References:
CVE-2008-1232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
OSVDB References: Pending
http://osvdb.org/

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at https://support.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782

Regards,
Ken Williams, Director ; 0xE2941985
CA Product Vulnerability Response Team

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2009 CA. All rights reserved.