SNS Vulnerability

CA Products Tomcat Data Parsing Cross Site scripting Vulnerability

Description

A vulnerability has been identified in CA Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, and Unicenter Patch Management, which could be exploited to conduct cross site scripting attacks. This issue is caused by an error in Tomcat. For additional information, see : FrSIRT/ADV-2008-2305

Vulnerable Products

Vulnerable Software:
Unicenter Asset Portfolio Management version 11.3Unicenter Asset Portfolio Management version 11.3.4Unicenter Desktop and Server Management version 11.2Unicenter Patch Management version 11.2

Solution

Unicenter Asset Portfolio Management - Follow the instructions in solution document RI09916:https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RI09916Unicenter Desktop and Server Management and Unicenter Patch Management - Follow the instructions in technical document TEC491323:https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC491323https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095

CVE

CVE-2008-1232

References

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious tag with event found in data	3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL	3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data	3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	3.2.0
XSS - Prevention - POST : 'location' javascript object found in data	3.2.0
XSS - Phishing : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL	3.2.0
XSS - Prevention - POST : javascript code found in data	3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	3.2.0
XSS - Prevention - POST : code allowing cookie access found in data	3.2.0
XSS - Phishing : suspicious 'a' tag found in URL	3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL	3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL	3.2.0
XSS - Phishing : suspicious 'form' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data	3.2.0
XSS - Prevention - GET : javascript code found in URL	3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data	3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL	3.2.0
XSS - Phishing : suspicious 'link' tag found in URL	3.2.0
XSS - Prevention - GET : 'script' tag found in URL	3.2.0
XSS - Prevention - POST : 'script' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL	3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL	3.2.0

Risk level

Low

Vulnerability First Public Report Date

2009-08-07

Target Type

Client + Server

Possible exploit

Local & Remote