lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <ED311CBEE6993C428563DEDF6D083BC870A4C42F@usilms113b.ca.com>
Date: Thu, 13 Feb 2014 17:55:53 +0000
From: "Williams, James K" <Ken.Williams@...com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
  "vuln@...unia.com" <vuln@...unia.com>,
  "moderators@...db.org" <moderators@...db.org>,
  "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: RE: CVE-2014-1219 - Unauthenticated Privilege Escalation in CA 2E
 Web Option


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Date: Wed, 12 Feb 2014 15:59:34 -0000
> From: "Portcullis Advisories" <advisories@...tcullis-security.com>
[snip]
> Vulnerability title: Unauthenticated Privilege Escalation in CA 
> 2E Web Option
>
> CVE: CVE-2014-1219
> Vendor: CA
> Product: 2E Web Option
> Affected version: 8.1.2
[snip]               


CA Technologies is currently investigating a vulnerability report 
concerning CA 2E Web Option that was published publicly on 2014-02-11 
(CVE-2014-1219).

This statement can be found at 
http://blogs.ca.com/securityresponse/2014/02/13/

Note that r8.1.2 reached End of Service (EOS) on April 10, 2013 and is 
no longer supported.  Customers can find the End of Service Announcement, 
dated April 10, 2012, on the CA Support website.
https://support.ca.com/

Thanks and regards,
Ken Williams, Director
CA Technologies Product Vulnerability Response Team
CA Technologies Business Unit Operations
Ken.Williams@...com


Copyright (C) 2014 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 
11749. All other trademarks, trade names, service marks, and logos 
referenced herein belong to their respective companies.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.1 (Build 13100)
Charset: utf-8

wj8DBQFS/QaPeSWR3+KUGYURApj7AKCX/WOzON/8X9BgbQk4Siz/bDtGBQCeIO8S
VrgYM0oZD2rTLdIN0aje5to=
=AjzU
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ