| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Jun 2009 08:06:14 -0400 From: "Williams, James K" <James.Williams@...com> To: <full-disclosure@...ts.grok.org.uk> Subject: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability CA Advisory Reference: CA20090615-02 CA Advisory Date: 2009-06-15 Impact: A remote attacker can inject arbitrary web script or HTML. Summary: The release of Tomcat as included with CA Service Desk r11.2 is potentially susceptible to a cross-site scripting vulnerability. CA has issued a technical document that describes remediation procedures. Mitigating Factors: None Severity: CA has given this vulnerability a Medium risk rating. Affected Products: CA Service Desk r11.2 Affected Platforms: Windows, Unix Status and Recommendation: Follow the instructions in technical document TEC489643. https://support.ca.com/irj/portal/anonymous/\ redirArticles?reqPage=search&searchID=TEC489643 How to determine if the installation is affected: Customers can use the instructions in technical document TEC489643 to determine if an installation may be affected. Workaround: None References (URLs may wrap): CA Support: https://support.ca.com/ CA20090615-02: Security Notice for CA Service Desk https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=2095 00 Solution Document Reference APARs: TEC489643 CA Security Response Blog posting: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15.aspx CVE References: CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 OSVDB References: Pending http://osvdb.org/ Changelog for this advisory: v1.0 - Initial Release Customers who require additional information should contact CA Technical Support at https://support.ca.com. For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com. If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777 82 Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team CA, 1 CA Plaza, Islandia, NY 11749 Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2009 CA. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Charset: utf-8 wj8DBQFKN4queSWR3+KUGYURAnrZAJ9sEgBd5Lw57AW6egPeJu8CDyUv8gCcC8hT auAyFOQijA812rBtlTXJmtA= =ssdM -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists