Date: Tue, 16 Jun 2009 08:05:26 -0400
From: "Williams, James K" <>
To: <>
Subject: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability

Title: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability

CA Advisory Reference: CA20090615-02

CA Advisory Date: 2009-06-15

Impact: A remote attacker can inject arbitrary web script or HTML.

Summary: The release of Tomcat as included with CA Service Desk 
r11.2 is potentially susceptible to a cross-site scripting 
vulnerability.  CA has issued a technical document that describes 
remediation procedures.

Mitigating Factors: None

Severity: CA has given this vulnerability a Medium risk rating.

Affected Products:
CA Service Desk r11.2

Affected Platforms:
Windows, Unix

Status and Recommendation:
Follow the instructions in technical document TEC489643.

How to determine if the installation is affected:
Customers can use the instructions in technical document TEC489643 
to determine if an installation may be affected.


References (URLs may wrap):
CA Support:
CA20090615-02: Security Notice for CA Service Desk
Solution Document Reference APARs:
CA Security Response Blog posting:
CA20090615-02: CA Service Desk Tomcat Cross Site Scripting 
CVE References:
OSVDB References: Pending

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA
Technical Support at

For technical questions or comments related to this advisory, 
please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your 
findings to the CA Product Vulnerability Response Team.

Ken Williams, Director ; 0xE2941985
CA Product Vulnerability Response Team

CA, 1 CA Plaza, Islandia, NY 11749
Copyright (c) 2009 CA. All rights reserved.
